Configuration Guide for MVAP Customers

Transcription

Relay2 Cloud Service Manager Configuration Guide for MVAP Customers Date
2016-03-06
Document Type
Configuration Guide
Version: 1.7.1
Relay2 Cloud Service Manager Configuration Guide for MVAP Customers
Version 1.7.1
Revision History Version No.
Date Released Comments
1.7.1 2016-‐03-‐06 Initial document. Copyright © 2016 Relay2 Incorporated. All rights reserved.
Information in this document is subject to change without notice. It describes the introduction of the product specified
this document. The guide is intended for use by registered Relay2 Incorporated users for purposes explicitly expressed
under the agreement for which the document was submitted; no part may be modified, used, reproduced, or
transmitted in any medium without the written and expressed permission of Relay2 Inc. This document was prepared
for professionals and personnel with proper training – users assume full responsibility when using the product and its
features.
The information or statements within this document regarding: suitability, capacity, or performance of the
aforementioned software or hardware products are given “as is”; any liability arising in connection with the software or
hardware products shall be defined conclusively and wholly in a separate agreement between Relay2 Incorporated and
the customer. Relay2 Incorporated has made every effort to ensure the instructions contained within this document are
adequate, free of material errors, and omissions. If deemed necessary by Relay2 Incorporated, further technical
support to explain issues that may not be covered within the guide will be provided.
Relay2 Incorporated shall always correct any and all errors within this document at all times as far as possible. IN NO
EVENT SHALL RELAY2 INC. BE LIABLE FOR ERRORS WITHIN THIS DOCUMENTAT OR FOR ANY DAMAGES;
INCLUDING, BUT NOT LIMITED TO SPECIAL, DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL LOSSES – SUCH
AS BUT NOT LIMITED TO LOSS OF PROFITS, REVENUE, INTERRUPTION OF BUSINESS, BUSINESS OPPORTUNITIES
OR DATA, THAT MAY ARISE FROM THE USE OF THIS DOCUMENT AND THE INFORMATION WITHIN.
This document and the product described are protected by copyrights and intellectual property rights according to
applicable laws.
Other product names mentioned within this document may be trademarks of their respective owners, and are
mentioned for reference purposes only.
Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
2
Version 1.7.1
Table of Contents 1.0 General Information ............................................................................................................. 5 1.1 Purpose .............................................................................................................................................. 5 1.2 Intended Audience ............................................................................................................................ 5 1.3 Related Documents ........................................................................................................................... 5 1.4 Logging In ........................................................................................................................................... 5 1.5 Customer Service Contact .................................................................................................................. 6 2.0 Overview ............................................................................................................................... 7 2.1 Relay2 Cloud-‐based WLAN Solution .................................................................................................. 7 2.2 DC, SP, Customer Tiers and Account Levels ..................................................................................... 11 2.3 Operational Requirements .............................................................................................................. 15 2.4 Configuration Requirements ........................................................................................................... 18 2.5 Relay2 Cloud Wireless Manager ...................................................................................................... 18 2.6 Navigating the GUI ........................................................................................................................... 19 3.0 Provisions and Configuring .............................................................................................. 21 3.1 Relay2 Cloud-‐based Access Point Installation and Discovery .......................................................... 21 4.0 Upgrading and Rebooting the AP ..................................................................................... 24 4.1 Rebooting the AP ............................................................................................................................. 24 4.2 Upgrading the AP ............................................................................................................................. 24 5.0 Monitoring ........................................................................................................................... 25 5.1 Dashboard View ............................................................................................................................... 25 5.2 Map View ......................................................................................................................................... 27 5.3 Virtual AP View ................................................................................................................................ 28 5.4 Access Point View ............................................................................................................................ 29 5.5 Event View ....................................................................................................................................... 38 5.6 Notification View ............................................................................................................................. 39 5.7 WLAN View ...................................................................................................................................... 39 5.8 Connected Client Station ................................................................................................................. 42 5.9 Client Station History ....................................................................................................................... 44 6.0 Configuration ...................................................................................................................... 47 6.1 Configuring WLAN ............................................................................................................................ 47 6.2 Configuring a WLAN Template ......................................................................................................... 74 Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
3
Version 1.7.1
6.3 Configuring Security Solution List .................................................................................................... 75 7.0 Services............................................................................................................................... 86 7.1 Web Cache Domain Profile .............................................................................................................. 86 7.2 Web Cache Refresh URL Profile ....................................................................................................... 88 7.3 AP MAC Insertion Domain Profile .................................................................................................... 89 7.4 HTTP Capture Files ........................................................................................................................... 89 7.5 Client RSSI Files ................................................................................................................................ 90 7.6 Banner Insertion .............................................................................................................................. 91 8.0 Reports ................................................................................................................................ 97 8.1 Generating Reports .......................................................................................................................... 97 8.2 Checking Generated Reports ......................................................................................................... 100 8.3 Viewing Reports Online ................................................................................................................. 100 8.4 Saving Reports to a Local Disk ....................................................................................................... 100 8.5 Delete Report ................................................................................................................................. 100 9.0 Account Administration................................................................................................... 101 9.1 User Account Management (UAM) ............................................................................................... 101 9.2 Account Settings ............................................................................................................................ 103 9.3 Notification Setting ........................................................................................................................ 104 10.0 Tools Menu ..................................................................................................................... 106 10.1 BSS (Business Services System) .................................................................................................... 106 11.0 Abbreviations ................................................................................................................. 108 Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
4
Version 1.7.1
1.0 General Information 1.1 Purpose This manual shall provide the necessary information in order to set up and configure the Relay2 Cloud Wireless Manager (CWM) for Managed Virtual Access Point (MVAP) customers. 1.2 Intended Audience This Configuration Guide is intended specifically for MVAP customers. The Dashboard view gives an MVAP customer a quick overview of the deployment at a glance. 1.3 Related Documents There are the following four different account levels for the Relay2 Cloud-‐based WLAN system: 1. Service Provider (refer to the Relay2 Cloud Wireless Manager Configuration Guide for Service Provider Administrators). 2. MVAP SP/MVAP Customer (refer to the Relay2 Cloud Wireless Manager Configuration Guide for MVAP SP Administrators). 3. AP Customer or End Customer (refer to the Relay2 Cloud Wireless Manager Configuration Guide for the End-‐Customer). 4. Virtual AP Customer or Virtual End Customer (this manual is for MVAP Customers). 1.3.1 Other Related Documents •
•
•
•
•
•
Relay2 Enterprise Access Point RA100 Datasheet Relay2 Enterprise Access Point RA200 Datasheets Relay2 Enterprise Cloud Service Manager Datasheet Relay2 Cloud-‐based WLAN Access Point Hardware Installation Guide Relay2 Quick Start Guide Relay2 Quick Start Guide for SP (Service Provider) Users 1.4 Logging In Perform the following to log into your Relay2 web account: STEP1: Enter https://<xxx>.relay2.net into your browser URL window and login, where <xxx> shall be provided by Relay2 customer service. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
5
Version 1.7.1
1.5 Customer Service Contact For assistance please contact Relay2 customer service. Once you are logged in to your Relay2 web account, click on the Help icon on the right top panel to view the Customer Service and Support information. A window displays showing the following information: Cloud Wireless Management System Version (Build version) Customer Services and Support Email: [email protected] Phone: 14083800031 Address: 1525 McCarthy Blvd., Suite 209, Milpitas, CA 95035 Website: www.relay2.com On logging in the SP administrator will see the following main menu on the top panel. Monitor Configure App Manager Reports Admin Tools Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
6
Version 1.7.1
2.0 Overview 2.1 Relay2 Cloud-‐based WLAN Solution The Relay2 Cloud-‐based Wireless LAN solution is designed to provide 802.11 wireless networking and edge service delivery for enterprises, SMBs, and service providers. The Relay2 system consists of a Relay2 cloud-‐
based Wireless LAN Controller and its associated Relay2 Enterprise Service-‐Ready Access Points (SR-‐AP). The Relay2 system simplifies WLAN deployments compared to traditional hardware-‐based WLAN Controller. The Relay2 CWM provides easy-‐to-‐manage WLAN management for large-‐scale and multiple distributed locations. 2.1.1 Relay2 Enterprise Smart AP (RA100 and RA200) The Relay2 Enterprise Service-‐Ready AP (SR-‐AP) is an enterprise-‐grade Access Point designed for high-‐
density deployments in offices, schools, hospitals, airports, and hotels that require premium wireless network performance. The RA100 SR-‐AP features dual concurrent frequency band operation (802.11b/g/n 2.4GHz and 802.11a/n 5GHz), MIMO 802.11n, delivering high throughput up to 900 Mbps and reliable coverage required by the most demanding business applications like voice over IP (VoIP) and high definition streaming video. The RA200 SR-‐AP adds support for 802.11ac in 5GHz, delivering ultra-‐high throughput up to 1300 Mbps. Auto-‐discovery and self-‐configuration: When plugged in, the Relay2 SR-‐AP automatically discovers and connects to the Relay2 Cloud Service Manager, downloads its configuration, software image update, and joins the appropriate network. Remote monitoring and diagnostics: The Relay2 SR-‐AP is monitored 24x7 from the Relay2 Cloud Service Manager, which delivers real-‐time alerts if the network encounters problems. Remote diagnostics tools enable real-‐time troubleshooting over the web and across multisite and distributed networks. Remote software upgrade: The Relay2 SR-‐AP’s software is always kept up-‐
to-‐date via the cloud. New features and enhancements are seamlessly delivered without manual software updates to download. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
7
Version 1.7.1
2.1.2 Cloud-‐based Wireless Controller Solution The Relay2 solution is different from the traditional enterprise-‐grade WLAN system, in that it does not use a hardware-‐based AC (Access Controller) to manage and control the APs (Access Points). The Relay2 cloud-‐
based wireless controller solution controls associated APs through a cloud-‐based Software-‐as-‐a-‐Service (SaaS) WLAN Controller. The Relay2 CWM provides users with an online user interface via their web browser making it accessible at any location and time. The interface is intuitive and enables rapid deployment. Relay2 APs are designed for plug-‐and-‐play installation, and can be deployed at a remote location without requiring a hardware-‐based AC (Access Controller) at each on-‐site location. The Relay2 cloud-‐based solution also significantly reduces the TCO (Total-‐Cost-‐of-‐Ownership) for deploying Enterprise-‐grade WLAN systems by eliminating the hardware-‐based controller. The Relay2 CWM is maintained 24x7 by Relay2 and we provide all the necessary support to keep your WLAN system up and running smoothly around the clock. Figure 1-1 Relay2 Cloud-‐based WLAN System vs. Traditional WLAN System
8
Version 1.7.1
2.1.3 MVAP (Managed Virtual Access Point) Besides virtualization of the access controller, Relay2 also supports virtualization of its Access Point. This feature, Managed Virtual Access Point (MVAP), allows each SSID on a physical AP to be mapped to a virtual AP. SSIDs on the same or different physical APs can be organized into VAP groups and VAP networks. Figure 1-2 Relay2 MVAP Benefits for MVAP customer are: •
•
•
•
Hands-‐off WiFi provisioning and management – MVAP customers need only to configure WLAN settings and not much else Extended corporate network to public common areas within the venue Lower CAPEX because physical APs are shared between different customers Lower OPEX because customer does not need to build WLAN competence for WLAN deployment and daily maintenance Each physical AP (PAP) can be configured to up to 8 Virtual AP. To make configuration easier, VAP Network, VAP Group and Venue features are introduced. •
•
•
Virtual AP (VAP) o A dual-‐band, customer configurable WLAN hosted by a physical AP o Each physical AP can host 8 VAPs Venue o An area where physical APs are deployed o The physical AP being used to provide MVAP services is called VAP hosting AP or host AP o A Venue is created and monitored by the SP VAP Group o A VAP group is a set of VAPs for a particular customer that is leasing more than 1 VAP at a time o Has one or more VAPs from one or more host AP(s) o Functions as a Mobility Domain within a venue (refer to section 5.2 Configuring Mobility Domain and VLAN Domain) Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
9
•
Version 1.7.1
VAP Network o A WLAN network spanning across one or multiple physical AP(s) that hosts the same SSID in a venue o Physical network properties (channel selection, power levels, VLAN, etc.) are managed by the SP o WLAN properties (Guest WLAN, SSID, security settings, etc.) are managed by the virtual AP customer Figure 1-3 VAP, Venue, VAP Network and VAP Group
Figure 1-‐3 shows the relationship between venues, MVAP customers, VAP groups, and VAP networks. VLAN0 represents no VLAN being configured for the identified VAP network. Although multiple customers may be sharing the same physical AP, MVAP keeps the individual data planes completely separate from each other, without needing VLANS. However, VLANs can be assigned if the customer desires. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
10
Version 1.7.1
2.2 DC, SP, Customer Tiers and Account Levels There are three different architectural tiers designed into the Relay2 cloud-‐based WLAN system. Figure 1-‐4 Top-‐Down Management Allows for Oversight and Control of Customer Accounts Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
11
Version 1.7.1
Under the three architectural tiers there are four different account levels and account hierarchy designed in the system. They account levels are: 1. DC Owner – First level account type. 2. Service Provider (SP) – Second level account type. 3. MVAP Service Provider and AP Customer – Third level account type. 4. MVAP Customer – Fourth level account type. The hierarchical relationship is shown below. Each account type has a different icon to be easily distinguished from other account types. DC Owner
Service Provider
MVAP Service
Provider
AP Customer
MVAP Customer
Figure 1-‐5 Account Levels The following table shows the different account type icons and their definitions. DC Owner Service Provider MVAP Service Provider AP Customer MVAP Customer Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
12
Version 1.7.1
Account types, their functions and behaviors are described below. DC Owner l
Relay2 NOC administrators are at the top level. They can view and configure any SP and Customer level account. l
Relay2 DC level access allows its administrators to import and export Relay2 APs and user licenses into SP and Customer level accounts. l
Relay2 DC admins can also push software updates down to the SP and Customer level accounts. l
Relay2 DC can manage all of the accounts in the system. There are two kinds of SP accounts, Service Provider (SP) supporting physical APs and MVAP Service Provider supporting virtual APs. Service Provider (SP) Conventional SPs are focused on creating and maintaining customer accounts and inventory. The SP can also manage and monitor the customer’s network if desired, but the SP will need to navigate down to the customer tier to configure network settings by design. l
Service provider partners operate from the SP level. l
SPs should supply Relay2 APs and licenses to their customers. l
Network configuration and management functions can either be performed by the SP or by the customer, depending on the level of service agreed upon. l
SP owns and manages AP Customer, MVAP SP, and MVAP Customer. l
SP has limited BSS functions, i.e., ordering APs, AP licenses, and submitting online payment. l
SP has AP inventory but does not have an operating AP. It can transfer an AP from its inventory to its AP Customer and MVAP SP. l
SP does not own venues, but can manage venues via its customer's MVAP SP accounts. MVAP Service Provider The MVAP SP manages physical AP settings and configures virtual tenant customers using MVAPs. An MVAP SP can also manage customer network if desired. l
It owns venues and operating APs in those venues. l
It owns and manages MVAP Customers. l
It manages VAP Groups and rents out VAPs to its MVAP Customers. l
This account type can have its own login domain name and its logo image. This implies that the MVAP Customer accounts can have a duplicate account name and user name only if they do not belong to the same MVAP SP account. In other words, the MVAP Customer accounts cannot have a duplicate user name or account name if they belong to the same MVAP SP account. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
13
l
Version 1.7.1
This account type does not support external WEB services for 1.6.0. There are two types of end-‐user customers: AP Customer AP Customers purchase and manage their own physical APs. l
This account type owns operating APs. l
Users in this account type use the parent SP login domain for logging into the Cloud NMS Manager. MVAP Customer An MVAP customer is one who uses a partition of a physical AP. An MVAP customer’s management domain pertains mainly to WLAN configuration and management. No control of the AP’s radios or Ethernet settings is allowed. l
This account type has the same functions and behaviors as standard AP customer. l
It creates, manages, and monitors WLAN related functions. l
Users in this account type use its MVAP SP login domain for logging into Cloud NMS Manager. The logo and support information will be from its MVAP SP. l
This account type does not support external WEB services for 1.6.0. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
14
Version 1.7.1
2.3 Operational Requirements 2.3.1 Before You Start Before you start using the Relay2 system, you must acquire a SP account from Relay2. For MVAP SPs, Relay2 Access Points (APs) must be enabled in the cloud. Before you can connect a Relay2 AP to the network, please check and acquire the following information: l
(For MVAP SP only) Relay2 AP’s network connection interface, also referred as the management network interface, is set by default to obtain its IP address from a DHCP server automatically by default. If your network requires the use of a static IP address for a said AP, please check with your service provider regarding how to configure Relay2 AP’s management network interface setting to use a static IP address. l
(For MVAP SP only) A Relay2 AP requires connecting to a network with a stable Internet connection. If your network has a firewall that completely blocks outbound Internet traffic including HTTP and HTTPS traffic, please configure your firewall to at least allow HTTP and HTTPS ports. The above requirements are necessary before you can connect your Relay2 AP to your company network. For more details regarding AP hardware information and further instructions on how to install Relay2 APs, please refer to the Relay2 AP Hardware Installation User Manual. 2.3.2 AP Licenses The Relay2 WLAN solution requires valid licenses for the AP to operate. One license is needed per Relay2 AP on the customer’s network, and each license is active for one year, from the time of purchase. An AP that has been added to an account that has insufficient licenses will be unable to connect to the Relay2 cloud and will be unusable. If an AP is trying to connect to an account with insufficient licenses, the rejected AP will be highlighted in dark grey below the AP with a valid license. Also clicking on the AP will show its status as blocked.
If additional licenses need to be added to an account contact Relay2 or use BSS (see section 8.3 BSS Business Service System) to place an order. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
15
Version 1.7.1
2.3.3 AP Boot Up States The first time you power on your Relay2 AP it can take up to 5 -‐ 10 minutes dependent on the software version installed on your AP. A longer period may be required if the AP detects a new software image available for download. The AP will then automatically download the new software image and perform the software update. This process could result in multiple AP reboot cycles. You can view the LCD screen only on the RA100 display found on the front of the AP to ascertain its current status. The RA200 has LED status lights indicating the AP status for each phase. The following table lists the RA200 LED booting states. RA200 LED Booting States States AP Status LED Display State 1: Power On LED status: Solid Green State 2: R2OS starting LED status: Amber Solid for 2 seconds State 3: R2OS initializing LED status: Amber slow blinking State 4: Radio up and ready LED status: Not affected State 5: SCM connecting LED status: Green slow blinking State 6: CWCL connecting LED status: Green fast blinking State 7: AP up and running LED status: Green solid State 8: AP Image upgrade LED status: Amber fast blinking State 9: AP Radio down LED status: Not affected Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
16
Version 1.7.1
The LCD screen display only on the RA100 shows the various booting states. The following table lists the RA100 LCD booting state messages and their descriptions. RA100 LCD Booting Messages LCD Booting Messages Displayed Description of Messages Welcome to R2OS (The Relay2 Operating System) AP is booting up Bootstrapping AP is connecting to get account information Initializing AP configuration is being pushed from the cloud Connecting AP will connect to certificate server & Cloud-‐based wireless management system (CWM) Registered AP found and registered with the cloud DNLD Image New AP Software image found is being downloaded; AP will reboot after image update is completed Radio 1&2 UP AP has successfully connected to the cloud Please refer to the Appendix for a list defining the AP Boot Up LCD messages. 2.3.4 Preparing your Web Browser To manage APs from the CWM, you must use a compatible web browser to access the Relay2 Access Controller. The Following browsers are currently supported: •
•
•
•
•
Internet Explorer 9 (and above) Google Chrome 26 (and above) Mozilla Firefox 6 (and above) Safari 5 (and above) Opera 12 (and above) Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
17
Version 1.7.1
2.4 Configuration Requirements In traditional enterprise-‐grade WLAN systems, users have to install a hardware WLAN controller first and change their network configuration in order to allow the access points to discover and associate to the controller. The Relay2 enterprise WLAN solution does not require any server installation or network reconfiguration. You only need to open a web account with the Relay2 Cloud Wireless Manager and you can even start configuring your Wireless networking before you receive your Relay2 Access Point hardware. The configuration will be pushed down to the AP as soon as the AP is connected to network and successfully registered with the Relay2 CWM. Of course, you can also configure it after you connect the AP to the network. 2.5 Relay2 Cloud Wireless Manager The Relay2 Cloud Wireless Manager is a web-‐based GUI that network administrators can use to configure, monitor and troubleshoot the APs and WLAN. To connect to the Relay2 Cloud Wireless Manager, enter the following URL address provided by your service provider in your web browser and the login page will display. Once logged in, you can start to configure or monitor the WLAN system on this portal. 2.5.1 Logging In An SP customer can log in as an MVAP customer to configure and monitor the WLAN or AP. STEP1: Launch the Cloud Service Manager web portal via https://<xxx>.relay2.net, where, <xxx> shall be provided by your service provider. STEP2: Enter your MVAP account username and password and press the Log in button. NOTE: The SP customer must acquire a MVAP account with its username and password from Relay2. After which the SP may create other user accounts with assorted roles/privilege on GUI from the master user account. STEP3: Select an MVAP customer account from the pull-‐down menu options in the top panel to view this customer account. 2.5.2 Logging Out STEP1: In the top right corner of the page next to account name [email protected] click the Set icon. STEP2: Click Log Out. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
18
Version 1.7.1
2.5.3 Changing Passwords STEP1: In the top right corner of the page next to account name, which is SP account email address ([email protected]) click the Set icon. STEP2: Click Change Password. STEP3: Enter the Old Password, New Password and then Confirm Password, and click Apply. 2.6 Navigating the GUI The following section explains the buttons to navigate the GUI. 2.6.1 Refreshing the Screen Click on the Refresh icon on the top right top panel to refresh the page after making any changes. 2.6.2 Notifications Click on the Notification icon on the top right panel to view notifications. If a solid red circle displays next to the Notification icon it indicates there is a new notification for you to view. The number of notifications to be viewed will display in the solid red circle. 2.6.3 Upgrade AP Software Click on the Upgrade AP Software icon on the top right panel to upgrade the AP software. A window displays notifying that new Access Point software is available for upgrade. Click Configure -‐> Access Point and select one Access Point and click the Reboot Selected button. Click Confirm to install the new version. 2.6.4 Discovered AP View Click on the New AP(s) icon on the top right panel to view the Discovered AP View window with a list of new AP(s). The MAC Address, longitude, latitude and altitude attributes are displayed in the window. The user can select the AP(s) and authorize them by clicking the Authorize button.
2.6.5 Help Click on the Help icon on the right top panel, to view the Customer Service and Support information. A window displays showing the following information: Cloud Wireless Management System Version (Build version) Customer Services and Support Email: [email protected] Phone: 14083800031 Address: 1525 McCarthy Blvd., Suite 209, Milpitas, CA 95035 Website: www.Relay2.com Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
19
Version 1.7.1
2.6.6 Sorting the Data Click the straight arrow icon in the column heading toggles the data to display in ascending or descending order. 2.6.7 Displaying Current Account Tier The field above the main menu options in the top panel displays the account level you are currently in. Click on the down arrow to view the other available accounts. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
20
Version 1.7.1
3.0 Provisions and Configuring The Configure menu option enables you to configure the various components of the Relay2 Cloud Wireless Manager. The following menu options are displayed under the Configure tab. WLAN WLAN Template Access Point Batch AP Update Mobility Domain Security ACL Policy Profile MAC Filter Profile Client Black Profile White List Profile Radius Server URL Block Profile Allowed Domain Profile Floor Map Tags 3.1 Relay2 Cloud-‐based Access Point Installation and Discovery Before installing a Relay2 access point (AP), you need to make sure that Relay2 has registered your AP into your account inventory. Relay2 should have added your AP’s MAC address into your SP Account before sending the AP to you. You can check inventory by following the steps below: STEP1: Log in to the application. STEP2: Perform the following step to check the inventory: Click on the Tool tab to reach the Tools-‐>Inventory page. You will see the list of APs for your account. The following information will be displayed in the Tool-‐>Inventory-‐> Access Point Tab. STEP3: Perform the following step to check the Management Status: Click the Monitor -‐> Access Point tab and you will see the Monitor-‐>Access Point page listing all registered APs and their current status. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
21
Version 1.7.1
Tools → Inventory Access Point Demo Inventory AP Name AP MAC AP Status Management Status If the Management Status of an AP is “Registered”, that means this AP has been connected to the Cloud-‐
based Wireless Management System through the Internet. In this case, the AP can be managed and monitored by the Cloud-‐based Wireless Management system remotely. 3.1.1 Installing the Access Point Hardware Relay2 currently has two indoor access point models: RA100 and RA200. The Relay2 AP hardware is a MIMO concurrent dual-‐band radio and high-‐performance enterprise-‐grade access point. It can be powered up either with the optional AC power adapter or (preferably) powered by a connection to a PoE+ Ethernet switch port. Once you receive the AP hardware, follow the instructions in the Relay2 Access Point Hardware Installation Guide, one for each model, to install the hardware, connect an Ethernet cable that can reach the Internet, and then apply power.
Relay2 APs contain multiple directional antennas. It is very important to place the AP at the appropriate angle in order to have optimized Radio coverage and data rate performance. Please refer to the “Signal Coverage Area” in Relay2 Access Point Hardware Installation Guide. 3.1.2 Access Point Network Deployment Relay2 AP is designed to be plug-‐and-‐play, meaning that an AP can be automatically discovered and configured. When the AP gets its IP address from a DHCP server and connects to the Internet, it will register to the Cloud Service Manager automatically. The Cloud Service Manager will check its virtual inventory. If the MAC address and serial number matches with an AP listed in inventory, the Cloud Service Manager will know which cloud controller has this AP’s configuration. Then the default configuration or pre-‐defined configuration will be applied to the AP. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
22
Version 1.7.1
Figure 1-‐5 AP Deployment under the CWM The following describes the deployment process in chronological order: •
•
•
•
•
The Relay2 AP (MAC address X) connects to the Internet The AP is automatically registered to the Relay2 CWM The Relay2 Cloud Service Manager finds the MAC address X in one of the cloud servers The cloud server downloads the default or pre-‐defined configuration to the AP The AP can now serve the enterprise WLAN The Relay2 AP also supports static configuration as a normal AP. Users can connect through the AP console port to configure IP address, default gateway, DNS server, VLAN ID, etc. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
23
Version 1.7.1
4.0 Upgrading and Rebooting the AP The Relay2 Cloud-‐based WLAN system allows for remote AP rebooting and software upgrades. Note: This feature is only accessible from the end-‐customer tier or to MVAP SP customers managing a physical MVAP enabled AP. 4.1 Rebooting the AP STEP1: Click Configure-‐>Access Point to display all APs. Click on an AP Name to select the AP. STEP2: Click Reboot and then click on Confirm in the pop-‐up window. Configure -‐> Access Point -‐> Access Point name Interface Version Status Location Advanced Tags Radios VLAN Interface STEP3: Click Configure—>Access Point to view the page which displays the AP Status and Operation Status of this AP as yellow until the reboot is completed. 4.2 Upgrading the AP During reboot, the latest software image will be downloaded and applied to the AP. The AP will then re-‐
register upon image load and reboot. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
24
Version 1.7.1
5.0 Monitoring The SP Admin monitor the AP and WLAN status on the Cloud Service Manager portal very quickly from the Monitor tab. The user may only observe from this tab. The Monitor tab has the following menu options. Monitor Dashboard Map Virtual AP Access Point Event Notification Connected Client Station Heat Map Rogue AP 5.1 Dashboard View This page displays information on the number of APs in UP or Not Connected status, and displayed in Overall, 801.11 b/g/n and a/n/ac status. Mobility Domain(s) that the AP(s) belong(s) to is/are also displayed. The dashboard is designed to give the user a quick overview of the deployment at a glance. APs with a critical alarm are listed in Critical AP Summary area with APs’ CPU, Memory, Temperature, Radio Alarm, WLAN Alarm, Transmit and Receive information. The user can click the AP Name listed for an AP with a critical alarm to view more details about that AP. Click Monitor -‐> Dashboard to display the Dashboard View. The following fields display in the Dashboard View. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
25
Version 1.7.1
Monitor → Dashboard Venue UP AP Not Connected AP Critical AP 2.4GHz Client 5GHz Client Total Client The Critical AP Summary can also be viewed in this view. The following fields display in the Critical Summary View. When an AP triggers an alarm, it will show up in the summary and all fields will be filled with that AP's current status. Critical AP Summary AP Name CPU % Memory % AP Temp °C CPU Temp °C Radio 1 (2.4GHz) Alarm Radio 2 (5GHz) Alarm Tx (Kbps) Rx (Kbps) Venue The bar graphs on the dashboard page indicate the number of connected or disconnected AP’s per account, as well as if radios are up or down, as a proportion of the total number of APs or radios for the account. APs that are up will be shown with a green bar graph, and disconnected or down APs and radios will be shown with a yellow or red bar graph, with red being an indicator for the AP’s radios. Example 1: A customer account has 2 APs assigned to them and both APs are up. The bar graphs would indicate that 2 APs are up, and 0 are down. Example 2: A customer account has 5 APs and all 5 APs are currently disconnected or unpowered. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
26
Version 1.7.1
Example 3: A customer account has 139APs and 136 are currently up but 3 are disconnected. Note, the bar graphs indicate the status of the corresponding proportion of APs of the total number for the account. Example 4: A customer account has 3 APs, 2 of which are up, and 1 is down. One of the two APs has one radio disabled (b/g/n or a/n depending on which status window). 5.2 Map View This page displays GPS location information of the deployed APs in map view. This map can be zoomed in or out to display all customer Relay2 APs by locating them through a WiFi based geo-‐location API. Click Monitor -‐> Map to display the Map View. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
27
Version 1.7.1
Click on the plus icon + to zoom in and the minus icon -‐ to zoom out of the map. The AP location on the map is determined by referring to the triangulation of the rogue AP signal strength or by known IP locations. These parameters may not always be available, which causes the APs to have incorrect location information being reported on the map. To correct this issue, the Position APs tab is provided to allow the user to drag and drop an AP to the right place. The edit mode is only available while zoomed-‐in enough to have each AP in different locations. 5.3 Virtual AP View The Virtual Access Point view displays details on the virtual access point. The following information is displayed. Monitor → Virtual AP Venue VAP Group Subscriber Account VAP Network Count WLAN Count Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
28
Version 1.7.1
5.4 Access Point View This page displays a list of the Registered APs, Operational and Non-‐Operational status. •
•
•
•
•
•
•
•
•
•
•
•
•
•
•
AP Name: The name of the AP. IP Address: The AP typically gets this from the DHCP. AP Status: Solid green means this AP is running and registered. Flashing yellow indicates the AP is not registered to the Cloud-‐based Wireless Management system. Admin Status: Displays if the AP has enabled Admin Status. Operational Status: Solid green means this AP is running and registered. Flashing yellow indicates this AP is not registered to the Cloud-‐based Wireless Management system. CPU%: Displays the AP’s CPU utilization rate. Memory%: Displays the AP’s memory utilization rate. TempoC: Displays the AP’s internal working temperature. 2.4G channel: Displays which 2.4GHz channel that the AP is working on. 5G channel: Displays which 5GHz channel that the AP is working on. Client Count: Displays the number of clients that are currently connected to the AP. Alarm: Displays the alarm condition reported by the AP. Tx (Kbps): Data transmitting speed in Kbps. Rx (Kbps): Data receiving speed in Kbps. Software Version: Displays the software version. Click Monitor -‐> Access Point to display Access Point View. The following fields display. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
29
Version 1.7.1
Monitor → Access Point AP Name AP MAC AP Status Admin Status Op Status CPU % Memory % Temp °C 2.4G Channel 5G Channel Client Count Alarm Tx (Kbps) Rx (Kbps) Venue Click on an AP Name to get more detailed information. The following tabs are displayed to view additional details: •
•
•
•
•
•
•
Health Client Station Status Event Notification Radio Statistics Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
30
The data can be filtered using the following filters. MVAP Account → Monitor → Access Point Show Filtered Filter AP Status UP Not Connected Alarm AP MAC Single MAC Address. Example: AA:BB:CC:DD:EE:FF Venue Default Down Town Tag Tags are Additive Example: Almaden City All Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
31
Version 1.7.1
Version 1.7.1
5.4.1 AP Health The AP Health tab displays an overview of commonly utilized statistics of the selected AP. The following information is displayed. Monitor → Access Point → MVAP Account Name AP Health General MAC Address IP Address AP Status Admin Status Unreachable (day: hr: min) Alarm Current Client S/W Update Time S/W Update Status Bytes RX Bytes TX Join History Last Discovered Last Registered Last Join Request Last Config Request Last Image Download Last Join Complete Last Join Error Last Join Error Reason Last Reboot Reason Last Reboot Time Radio Alarms Alarm Type Radio 1(2.4GHz) Radio 2(5.0GHz) Beacon Radio Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
32
Chn Interfere % Tx Failed % Channel Util % Version 1.7.1
Temperature (°C) Bandwidth Tx Usage (Kbps) Bandwidth Rx Usage (Kbps) CPU Usage (%) Memory Usage (%) 5.4.2 Client Station The Client Station tab shows statistics on the currently connected clients of the selected AP. A Client may be blocked from the WLAN by selecting the Station MAC and selecting the Block Client button. The blocked client will be moved to the Client Black List under Configure -‐> Security -‐> Client Black List. The following information is displayed in the Connected Client Station tab. Monitor → Connected Client Station Station MAC Station IP SSID via BSSID Radio Type Connected Time Signal (dBm) Data Rate Tx BW Rx BW AP MAC Click on a Station MAC address to view the client’s General, Health and WLAN statistics. The following information is displayed. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
33
Version 1.7.1
Monitor → Connected Client Station → Station MAC → Client Detail General Health WLAN Station MAC Signal (dBm) WLAN Profile Station IP Data Rate SSID Vendor Tx BW Usage Via BSSID Device Type Rx BW Usage Radio Slot Number OS Type Tx Bytes Security Type AP MAC Rx Bytes Radio Type VLAN Id Duration Antenna Pattern 5.4.3 Status The Status tab displays the status updates and notifications from the selected AP. The following information is displayed. Monitor → Access Point → Status Time Name Status Severity Radio Slot Event Data Data can be filtered using the following filters. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
34
Version 1.7.1
Filter AP Temperature CPU Temperature Memory Usage % CPU Usage % Radio Beacon Stuck Radio Hang Radio Channel Interference % Radio Tx Failed % Signature Attack All A time frame can be selected from the Timeframe dropdown list with the following options: •
•
•
•
•
•
Latest Last 2 Hours Last 6 Hours Last 12 Hours Last 24 Hours Custom Time 5.4.4 Event The Event tab shows all events pushed to the cloud from the selected AP. The following information is displayed. Monitor → Access Point → Event Time Name Severity Cause Extended Data Type Data can be filtered using the following filters. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
35
Version 1.7.1
Monitor → Access Point → Name of the MVAP Account Show Filtered Filter AP Join AP Join Complete AP Join Failed AP Lost Connection AP Status Up AP Radio Status Down AP Radio Status Up WLAN Status Down WLAN Status Up AP Configuration Send Failed AP Image Downloading AP Operation Status Detected Rogue AP All A time frame can be selected from the Timeframe dropdown list with the following options. See the time frames listed above. Monitor → Access Point → Name of the MVAP Account Timeframe Latest Last 2 Hours Last 6 Hours Last 12 Hours Last 24 Hours Custom Time Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
36
Version 1.7.1
5.4.5 Notification The Notification tab displays user-‐selected events from the AP. Monitor → Access Point → Notification Time Name Cause Extended Data Type Data can be filtered using the following filters. See the previous page for the list of filters. A time frame can be selected from the Timeframe dropdown list with the following options. See the time frames on the previous page. 5.4.6 Radio The Radio tab displays vital radio settings. The following data is displayed. The same data is displayed for Radio 2. Monitor → Access Point → Radio 1 Base BSSID Radio Type RF Band Channel Channel Width Power Power Level High Throughput Rates Admin Status Operation Status WAN Profile SSID Type Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
37
Version 1.7.1
Security Admin Status Client Count Data Rate 5.4.7 Statistics The Statistics tab provides a trace history of the various logged statistics for the selected AP. The timeframe can be adjusted to show statistics for up to a 30 day time period. See the next three screens. The following statistics are displayed. Time frame can be selected from Last 2, 6, 12, 24 hours or a custom time frame can be selected. Monitor → Access Point → Statistics CPU Usage (%) Memory Usage (%) Bandwidth Rx Usage (Kbps) Tx unit: bps Rx unit: bps AP Temperature (°C) CPU Temperature (°C) 5.5 Event View This page displays all events reported by operational AP(s) to the Relay2 Cloud-‐based Wireless Management system. The output can be filtered by time period, ranging from 2 to 24 hours, or by a specific time frame. Click Monitor -‐> Event to display the Event View. The following information can be viewed in the Event view. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
38
Version 1.7.1
Monitor → Event Time Name Severity Cause Extended Data AP Name Type 5.6 Notification View This page displays all notifications reported by operational AP(s) to the Relay2 Cloud-‐based Wireless Management system. The output can be filtered by time period ranging from 2 to 24 hours or by a customer defined time frame. A system event can be shown in Event View or Notification View, depending on the configuration selected in Administration => Notification Settings. Click Monitor -‐> Notification to display the Notification View. The following data is displayed. Monitor → Notification Time Name Cause Extended Data AP Name Type 5.7 WLAN View This page displays a list of the defined WLANs. Click Monitor -‐> WLAN to display the WLAN View. Click on WLAN Name for detailed information about current Client Stations under this WLAN. If the AP is disconnected, any client devices connected at the time the AP is brought down will be shown with a grayed out background. The following information is displayed on this page. Monitor → WLAN Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
39
Profile Name SSID Type Security Policy Admin Status Client Count (Number of clients connected and operational on this WLAN) Click on Station MAC to view the client device details. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
40
Version 1.7.1
Monitor → Connected Client Station → Station MAC → Client Detail General Station MAC Station IP Vendor Device Type OS Type AP MAC VLAN Id Health Signal (dBm) Data Rate Tx BW Usage Rx BW Usage Tx Bytes Rx Bytes Duration WLAN WLAN Profile SSID Via BSSID Radio Slot Number Security Type Radio Type Antenna Pattern Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
41
Version 1.7.1
Version 1.7.1
5.8 Connected Client Station This page displays the details of the connected client stations associated with the selected account. Click Monitor -‐> Client Station to display the Connected Client Station View. The following information is displayed on this page. You can block any client stations by selecting it and clicking on Block Selected. The following information is displayed on the Connected Client Station screen. Monitor → Connected Client Station Station MAC Station IP SSID Via BSSID Radio Type Signal (dBm) Data Rate Tx BW Rx BW AP MAC Data can be filtered using the following filters: •
•
•
•
•
•
•
•
Client Station MAC Client Station IP AP MAC SSID BSSID Radio Type Mobility Domain Tag Click on Station MAC to view the client device details as listed in the table below. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
42
Monitor → Connected Client Station Station MAC Station IP SSID via BSSID Radio Type Connected Time Signal (dBm) Data Rate Tx BW Rx BW AP MAC Connected Client Station → Client Detail General Station MAC Station IP Vendor Device Type OS Type AP MAC VLAN Id Health Signal (dBm) Data Rate Tx BW Usage Rx BW Usage Tx Bytes Rx Bytes Duration WLAN WLAN Profile SSID Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
43
Version 1.7.1
Version 1.7.1
Via BSSID Radio Slot Number Security Type Radio Type Antenna Pattern Items per Page Data on this page can be filtered using the following filters. Monitor → Access Point → MVAP Account Show Filtered Filter Client Station MAC Single MAC Address. Example: AA:BB:CC:DD:EE:FF Client Station IP IP Address AP MAC Single MAC Address. Example: AA:BB:CC:DD:EE:FF SSID Length: 1 -‐ 32 BSSID Single MAC Address. Example: AA:BB:CC:DD:EE:FF Radio Type 2.4GHz 5GHz Venue Default Down Town Tag Tags are Additive For example: Almaden City All 5.9 Client Station History This page displays a history of the clients associated with the selected account. This tool allows the user to see a chronological history of clients connecting, or attempting to connect to the account. This information can be used to trouble-‐shoot failed connection attempts or security threats. Information that is provided for each client’s status update is listed below: •
•
•
•
•
Station MAC Address Station IP Address WLAN Profile name SSID Via BSSID Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
44
Version 1.7.1
•
•
•
•
•
Radio Type AP MAC or VAP Name??? Status: connected, associated, disconnected, authenticated Timestamp Device •
The output can be filtered by time period, ranging from 2 to 24 hours, or by a specific time frame. A description of the colored arrows will be shown with a tool tip if the mouse is hovered over the arrow. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
45
Version 1.7.1
Click Monitor -‐> Client Station for Client Station View to be displayed. The following information is displayed on this page. Monitor → Connected Client Station Station MAC Station IP WLAN Profile SSID Via BSSID Radio Type AP MAC AP Name Status Time Device Cause Data can be filtered using the following filters: •
•
•
•
•
•
•
Client Station MAC AP MAC WLAN Profile Name SSID BSSID Radio Type Rejected Client Events only A time frame can be selected from the latest, last 2, 6, 12, 24 hours or a custom time frame can be selected. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
46
Version 1.7.1
6.0 Configuration This section describes how to configure the various parameters of the CWM. 6.1 Configuring WLAN The configuring WLAN feature allows the user to manage WLANs. This page lists the WLANs configured. You can add a new WLAN or add a new WLAN from a template, update, delete, enable or disable WLANs from this page. The WLAN configuration parameters that are included in configuring a WLAN are: Configure Venue Virtual AP Access Point Batch AP Update VLAN Floor Map Tags This section describes how to configure WLANs for your Relay2 Cloud-‐based WLAN solution. The Relay2 Cloud-‐based WLAN solution supports up to 8 WLANs per Mobility Domain. Each WLAN can be configured with different SSID, security policy, quality of service (QoS), radio policies and other WLAN parameters. Once a WLAN is created, it needs to be assigned to a Mobility Domain. All APs in the same Mobility Domain share the same list of WLANs. Any change on parameters or WLAN enable/disable/delete will be applied to all APs in the associated Mobility Domain. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
47
Figure 3-2 Relationship between WLAN, VLAN and AP interface
6.1.1 Configure Venue The following data is displayed for configuring the venue. MVAP Account → Configure → Venue Venue VAP Group Count AP Count Web Cache Expiration Time (day) Range: 1 – 30 Click the edit button to edit this field Items per Page Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
48
Version 1.7.1
Version 1.7.1
6.1.2 Displaying, Creating, Enabling, Disabling and Deleting WLAN Perform the following steps below to Add, Display, Enable, Disable and Delete WLAN on the Cloud Service Manager GUI. STEP1: Log into the application. STEP2: The WLAN displays. Click the Configure -‐> WLAN tab. The existing WLAN’s summary information will be displayed. Such as the SSID and associated Mobility Domain, if they are enabled or disabled, etc. STEP3: Create the WLAN. Click the Configure -‐> WLAN tab, and then click Add New. The WLAN information input page is displayed. Enter profile name and SSID and then click Apply. The new WLAN with its Profile Name will display in the Configure -‐> WLAN list. The following table lists the parameters that need to be populated to add a new WLAN. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
49
Version 1.7.1
Configure → WLAN → Add New Profile Name SSID Enabled Broadcast SSID Radio Policy: The default is All. Click on the down arrow to select from the following: a/n/ac Only b/g/n Only WLAN Type: The default is WLAN. Click on the Edit icon to configure the WLAN Type. If WLAN radio button is selected, all the parameters below are greyed out. Guest WLAN: The following parameters need to be populated to configure a Guest WLAN. Portal URL http(s)//domain-‐name:port/any-‐string Allowed Domain The default value is None Click on Add New to add a new profile. Add the Allowed Domain Profile Name and the Domian Name. Click the green + icon to add additional domain names. Click Add to add a new guest WLAN Radius Authorization Server 1 The default value is None Click on Add New to add a new profile. Radius Authorization Server 2 Radius Account Server 1 Server Type: Click on Authentication to authenticate this server. Radius Account Server 2 Server Address: Key in the server address. Shared Secret Format: Select ASCII or HEX Shared Secret: Key in shared secret. Shared Secret Confirm: Confirm the shared secret. Server Port: Key in the server port. The range is from 1 – 65535. Retransmit Timeout (Seconds): Key in retransmit timeout in seconds. The range is 2 – 30 seconds. Session Timeout (minutes) NAS-‐ID AP Name AP MAC BSSID: AP MAC BSSID:SSID User Defined (Max length: 36) Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
50
Version 1.7.1
White List Authentication Disabled Use Profile White List Profile Use Radius L2 Security Type: The default is [Open]. Click on the Edit icon to configure L2 Security Type. L2 Security Type: Open WEP WEP Key WEP Current Key WEP Key Index (1 to 4) WEP Key Size (40 Bit or 104 Bit) Key Format (ASCII or HEX) L2 Security Type: Shared WEP WEP Key WEP Current Key WEP Key Index (1 to 4) WEP Key Size (40 Bit or 104 Bit) Key Format (ASCII or HEX) L2 Security Type WPA Cipher WPA2 Cipher Type: TKIP, CCMP Authentication Key Management Type: Pre-‐shared Key or 802.1X Pre-‐shared Key Key Format: ASCII or HEX L2 Security Type WPA2 Cipher WPA Cipher Type: TKIP, CCMP Authentication Key Management Type: Pre-‐shared Key or 802.1X Pre-‐shared Key Key Format: ASCII or HEX L2 Security Type WPA+WPA2 [WPA+WPA2][Auth(PSK)] Cipher WPA Cipher Type: TKIP, CCMP WPA2 Cipher Type: TKIP, CCMP Authentication Key Management Type: Pre-‐shared Key or 802.1X Pre-‐shared Key Key Format: ASCII or HEX ACL Policy Profile: The default is Open. Select Add New from the drop down list to add a new ACL policy Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
51
Version 1.7.1
profile. The following parameters are displayed: Edit Seq# Action Src IP/MASK Src Port Dest IP/MASK Dest Port Protocol Direction Adjust Seq Command Click on the green + icon to select the following: Source: Select Any or add an IP Address Dest: Select Any or add an IP Address Protocol: Select Any, TCP or UDP. If TCP or UDP is selected a Source and Destination ports will have to be selected from the dropdown menu. The options are: Any, HTTP, HTTPS, Telnet, Radius Auth, Radius Acct, DHCP, DHCP Server, DNS, L2TP, PPTP Control, FTP Control, SMTP, SMNP, LDAP, Kerberos, NetBios Name, NetBios Data, NetBios Session, MS Dir Service, Other, Port Range. Direction: Upstream. Click to check Upstream Action: Select Permit or Deny MAC Filter Profile: The default is None. Select Add New from the drop down list to add a new MAC filter profile. An Add MAC Filter window displays. Key in the MAC Filter Profile Name, MAC Address and the Description and click the Add to add a new MAC filter profile. URL Block Profile: The default is None. Select Facebook or Add New to add a new URL Block profile. An Add URL Block Profile window displays. Key in the URL Block Profile Name, URL and the Description and click the Add to add a new MAC filter profile. Mobility Domain: Click on the Edit icon to configure Mobility Domain. It is set to Default, No VLAN Mobility Domain: Click on the down arrow to select an option. VLAN Domain: Click on the down arrow to select an option VLAN ID: Key in a valid ID. Advanced Settings: Click on the Edit setting can to be configured: icon to configure Advanced Settings. The following advanced QOS: DSCP Marking checkbox Multicast: IGMP Snooping checkbox Optimization checkbox WLAN bandwidth control per AP: Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
52
Version 1.7.1
DL BW Limit (Mbps) (Range: 0 ~ 400) UL BW Limit (Mbps) (Range: 0 ~ 400) Security: Pre-‐Authentication checkbox Client Load Balancing: Enabled checkbox Client Control: Accept New Client checkbox Client to Client Blocking checkbox Band Steering checkbox Network: Primary DHCP Server IP Address Secondary DHCP Server) IP Address 802.11: DTIM 802.11a/n Period Range: 1 ~ 255 802.11a/n Data Rate (Mbps) Automatic DTIM 802.11b/g/n Period Range: 1 ~ 255 802.11b/g/n Data Rate (Mbps) Automatic Service RSSI: External RSSI WS URI http(s)//domain-‐
name:port/any-‐string Reporting Interval (secs) Range: 3 -‐ 300 Archive to Cloud checkbox HTTP URL Capture: Enabled checkbox Cache Control: Ignore Set_cookies checkbox Web Cache Domain Profile: The default is None. Click on the drop down list and select Add New to add a new Web Cache Domain. The Add Web Cache Domain Profile window displays. Key in the Domain Profile Name and the Domain Name, for example: www.relay2.com:8080. Click on the Add button to add it. Click on the green + icon to add additional domain profiles. Click the Delete icon to delete a profile. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
53
Version 1.7.1
Banner Insertion: The default is None. Click on the drop down list to insert a banner. AP MAC Insertion Domain Profile: Click on the drop down list and select Add New to add a new AP MAC Insertion Domain Profile. The Add Web Cache Domain Profile window displays. Key in the Domain Profile Name and the Domain Name. Click on the Add button to add it. Click on the green + icon to add additional domain profiles. Click the Delete icon to delete a profile. Click Save as a Template to open the Save as Template dialog. Enter a name for future use. This is an optional feature. Click Edit for additional information to be displayed. The following screen displays. To configure each parameter of WLAN, refer to section 4.2.2 Hide the SSID Broadcasting to 4.2.20.4 Configuring HTML Insertion for details. STEP4: Enable/Disable WLAN. A WLAN is not active until it is enabled. When you want to change the configuration, disable it first, then modify the configuration, enable it, and the new configuration will be effective. To enable/disable a WLAN, perform the following steps: 1. Display the WLAN (STEP2). 2. Select the WLAN from the list. 3. Select the WLAN from the list and click Enable/Disable Selected. 4. Click Confirm in the pop-‐up window. When a WLAN is enabled, the Admin Status shows a green “√ ” mark. When a WLAN is disabled, the Admin Status displays a red “X” mark. STEP5: To delete WLAN, perform the following steps: 1. Display the WLAN (STEP2). 2. Select the WLAN from the list and disable it (STEP4). 3. Select the WLAN from the list and click Delete Selected. 4. Click Confirm in the pop-‐up window. STEP6: To add a WLAN from a template perform the following steps: 1. Display the WLAN (STEP2). 2. Click Add New From Template to display the Add New From Template dialog. 3. Click the radio button to select a template and click Confirm. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
54
Version 1.7.1
6.1.3 Hide the SSID Broadcasting By default, the SSID name associated with the WLAN is beaconed over the air. To hide the SSID beaconing, you can disable the option “Broadcasting SSID” in the Configure-‐>WLAN page. STEP1: Login and disable the WLAN (section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). STEP2: Hide the SSID broadcasting. Perform the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select WLAN. 3. Find the Broadcast SSID option and uncheck it. 4. Click Apply. STEP3: Enable the WLAN (section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN) 6.1.4 Radio Policy STEP1: Log into the application and disable the WLAN. STEP2: Perform the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select WLAN. 3. Find the Radio Policy and click on the down arrow to view the options. 4. Select the desired Radio Policy (802.11a/n only, 802.11b/g/n only, or All). 5. Click Apply. STEP3: Enable the WLAN. 6.1.5 WLAN Type A WLAN Type can be a normal WLAN or Guest WLAN. The Guest WLAN is offered to visitors who do not have a password to the WLAN L2 security authentication (i.e., shared key). You can define separate authentication and security for these visitors: l
Portal URL: When a captive portal server URL is defined here, visitors will be presented with a Web login page at the first time he/she is trying to access any website via WLAN. An enterprise can have its own Portal server, or Relay2 can provide a hosted Portal server which is integrated in the AP. l
Allowed domain: Is a walled garden concept, if configured, portal clients can visit configured domain network without needing to gain access through a portal. l
Radius Auth Server 1&2: Defines the Radius Authentication Server(s) that store the white list. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
55
Version 1.7.1
l
Radius Acct Server 1&2: Defines the Radius Accounting Server(s) that typically records guest log-‐in and log-‐out for billing purposes. l
Session Timeout: Radius protocol session timeout in minutes. l
NAS-‐ID: The NAS-‐ID is one of attributes for Radius server to identify the AP. There are multiple options for configuring the NAS-‐ID, AP name, AP MAC address, BSSID with AP MAC address, BSSID with SSID and user defined. The default is AP name. The user can define up to a 36-‐characters string if user define option is selected. l
White List Authentication: If the user is in the white list, he/she will be connected to the WLAN without going through the captive portal process. The white list can be defined locally or remotely. l
¡
Disabled: Authentication is disabled. ¡
Use Profile: The white list (a list of MACs) is configured and stored in the Relay2 Cloud-‐Based wireless management system (CWM) (configure -‐> security -‐> white list). ¡
Use Radius: The white list is provisioned in a remote Radius Server, typically provided by enterprise IT. In this case, the user name and password are required to be a client MAC address. White List Profile: When the White List Authentication is set to the User Profile, you can select a White List from the drop-‐down menu. NOTE: The WLAN Type cannot be changed once configured. If you need to change WLAN Type, you will need to delete the WLAN and re-‐create a new one. STEP1: Log into the application and disable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). STEP2: Change the WLAN Type. Perform the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select a WLAN. 3. Click and select WLAN or Guest WLAN. 4. For Guest WLAN you can define the Portal URL, Allowed Domain, Radius Auth Server 1&2, Session Timeout (min) and White List Authentication. 5. When White List Authentication is enabled, you need to select User Profile or User Radius. The following table lists the parameters displayed. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
56
Version 1.7.1
Configure → WLAN → Add New → WLAN Type WLAN Type WLAN Guest WLAN Portal URL http(s)//domain-‐name:port/any-‐string Allowed Domain None Add New Radius Authorization Server 1 None Add New Radius Authorization Server 2 None Add New Radius Account Server 1 None Add New Radius Account Server 2 None Add New Session Timeout (minutes) NAS-‐ID AP Name AP MAC BSSID: AP MAC BSSID: SSID User Defined (Max length: 36) White List Authentication Disabled Use Profile White List Profile Use Radius 6. Click Apply. STEP3: Enable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). 6.1.6 Configuring the WLAN Security Various types of Security policies can be applied to a WLAN. APs in the same Mobility Domain provide the same list of WLANs and each WLAN can be configured with a different security policy. The Relay2 Cloud Service Manager provides the following types of Security policies for WLAN: Standard Wi-‐Fi (L2) Security Relay2 incorporates industry standard layer 2 Wi-‐Fi security protocols, including WEP, WPA, and WPA2. ACL (Access Control List) The Access Control List (ACL) is a list of rules that are applied to L3 IP addresses and port numbers to filter client stations’ data traffic. Standard ACL rules can be configured to allow and disallow client traffic by comparing each client station IP packet to the following parameters: l
Source: The traffic from a defined source IP address will be controlled l
Dest: The traffic to a defined destination IP address will be controlled Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
57
l
Protocol: Layer 4 protocol that you would like to control l
Direction: Selects either inbound traffic or outbound traffic that you want to control l
Action: Denies or Allows Version 1.7.1
MAC Filtering MAC Filtering refers to an access control method where a 48-‐bit client’s source MAC address is compared to determine client’s permission of accessing WLAN network. This is a L2 security control and if a MAC Filtering list exists and is enabled, only those clients’ MAC addresses matched in the list can be allowed to access the WLAN network. MAC filtering is not an effective control in a WLAN network as an attacker can eavesdrop on wireless transmissions and thus capture a user’s security configuration even after the MAC Filtering is enabled. Client Black List and White List Relay2 also provides 2 other MAC address-‐based security access controls, Client Black List and Client White List controls. They are different from MAC Filtering and how they work together can best be explained as: Client Black Listing is a system level access control that is applied to all WLANs to block the access of clients whose MAC addresses are added to the Client Black List. When a client attempts to access the WLAN, the client’s MAC address is first checked and compared with the Client Black List before it is compared with the MAC Filtering List. The Client Black List takes the highest priority in terms of client access control path (the client Black List will always deny access overriding a Client’s White List and/or MAC Filtering). The White List is only used in a Guest WLAN, which allows certain clients to by-‐pass the Web Portal authentication and can directly connect to the Guest WLAN. Its usage is independent from the MAC Filtering. A Client that is allowed via MAC Filtering is only allowed to access a WLAN or a Guest WLAN from a client’s device level point of view. If a WLAN or Guest WLAN is also configured with other types of security authentication method such as WPA, WPA2 or Web Portal, the client’s connection manager will still need to go through the authentication with the configured security method. URL Blocking URL Blocking is designed to restrict WLAN users from accessing specified websites. Each WLAN can have its own URL Block List, in which all websites are forbidden for the users under this WLAN. Allowed Domain List The feature is used with Guest-‐WLAN. There are up to 20 Internet Fully Qualified Domain Names in one list profile. Those domains can be accessed for the clients before authentication is passed. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
58
Version 1.7.1
6.1.7 Configuring L2 Security Type WLAN L2 security include several types as listed below: •
•
•
•
•
•
Open Open WEP Shared WEP WPA WPA2 WPA+WPA2 STEP1: Log into the application and disable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). STEP2: To configure the L2 security, perform the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select a WLAN. 3. Find L2 Security Type and click the icon. 4. Select the relevant option from the pull-‐down menu and input required parameters shown below. 5. Click Apply. WLAN → Add New → L2 Security Type L2 Security Type Open Open WEP Shared WEP WPA WPA2 WPA + WPA2 Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
59
Version 1.7.1
Listed below are various parameters for different L2 security types: Open WEP: The WEP key can be a combination of WEP Key Size (40 bit or 104 bit) and Key Format (ASCII or HEX) L2 Security Type Open WEP WEP Key WEP Current Key WEP Key Index 1 2 3 4 WEP Key Size 40 Bit 104 Bit Key Format ASCII HEX Shared WEP: The key can be a combination of WEP Key Size (40 bit or 104 bit) and Key Format (ASCII or HEX) WPA with Pre-‐shared Key: The Pre-‐shared Key can be in ASCII format (8~63 in length) or HEX (64 in length) L2 Security Type WPA Cipher WPA Cipher Type TKIP, CCMP Authentication Key Management Type Pre-‐shared Key Key Format ASCII HEX Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
60
Version 1.7.1
WPA with 802.1x L2 Security Type WPA Cipher WPA Cipher Type TKIP, CCMP Authentication Key Management Type 802.1 Radius Auth Server 1: Default is None. Click on the drop down list and select Add New to add a Radius Server. The Add Radius Server window displays with the following fields: Server Type: Authentication Server Address Shared Secret Format: ASCII or HEX Shared Secret Shared Secret Confirm Server Port Retransmit Timeout (sec) Click on Add button to add a new radius server. Radius Auth Server 2: Same as above. Key Format ASCII HEX Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
61
Version 1.7.1
WPA2 with Pre-‐shared Key: the Pre-‐shared Key can be in ASCII format (8~63 in length) or HEX (64 in length). L2 Security Type WPA2 Cipher WPA Cipher Type TKIP, CCMP Authentication Key Management Type Pre-‐shared Key Key Format ASCII HEX Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
62
Version 1.7.1
WPA2 with 802.1x L2 Security Type WPA2 Cipher WPA Cipher Type TKIP, CCMP Authentication Key Management Type 802.1 Radius Auth Server 1: Default is None. Click on the drop down list and select Add New to add a Radius Server. The Add Radius Server window displays. With the following fields: Server Type: Authentication Server Address Shared Secret Format: ASCII or HEX Shared Secret Shared Secret Confirm Server Port Retransmit Timeout (sec) Click on Add button to add a new radius server. Radius Auth Server 2: Same as above. Key Format ASCII HEX WPA+WPA2 with Pre-‐shared Key L2 Security Type WPA+WPA2 Cipher WPA Cipher Type: TKIP, CCMP Authentication Key Management Type: Pre-‐shared Key Key Format ASCII HEX Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
63
Version 1.7.1
WPA+WPA2 with 802.1x L2 Security Type [WPA][Auth(PSK)] WPA2 Cipher WPA Cipher Type TKIP, CCMP Authentication Key Management Type 802.1 Radius Auth Server 1: Default is None. Click on the drop down list and select Add New to add a Radius Server. The Add Radius Server window displays with the following fields: Server Type: Authentication Server Address Shared Secret Format: ASCII or HEX Shared Secret Shared Secret Confirm Server Port Retransmit Timeout (sec) Click on Add button to add a new radius server. Radius Auth Server 2: Same as above. Key Format ASCII HEX STEP3: Enable the WLAN. 6.1.8 Adding and Deleting MAC Filters to a WLAN This section describes how to assign an existing ACL to a WLAN. Refer to section 4.8.1 Adding and Deleting an ACL to create and delete ACL policies. STEP1: Log into the application and disable the WLAN. STEP2: To assign an ACL to a WLAN and perform the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select a WLAN. 3. Select the desired ACL from ACL Policy pull-‐down menu. 4. Click Apply. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
64
Version 1.7.1
STEP3: Enable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). 6.1.9 Assigning MAC Filtering to WLAN This section describes how to assign an existing MAC Filter to a WLAN. Refer to section 4.8.1 Adding and Deleting an ACL to create and delete MAC Filters. STEP1: Log into the application and disable the desired. STEP2: Assign a MAC Filter to the WLAN. Perform the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select WLAN. 3. Select the desired MAC Filter from the MAC Filter Profile pull-‐down menu and click Apply. STEP3: Enable the WLAN. 6.1.10 Assigning the URL Block Profile to the WLAN This section describes how to assign an existing URL Block Profile to a WLAN. Refer to section 4.8.6 Adding URL Block Lists to create and delete URL Block Profiles. STEP1: Log into the application and disable the desired WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). STEP2: Assign the URL Block Profile to the WLAN and perform the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select the WLAN. 3. Select the desired profile name from the URL Block Profile pull-‐down menu and click Apply. STEP3: Enable the WLAN. 6.1.11 Configuring Mobility Domain 6.1.11.1 Assigning WLAN to Mobility Domain STEP1: Log into the application and disable the WLAN. STEP2: To assign the Mobility Domain, perform the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select a WLAN 3. Click to edit the Mobility Domain. 4. Select the desired Mobility Domain and click Apply. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
65
Version 1.7.1
STEP3: Enable the WLAN. 6.1.12 Assigning WLAN to a VLAN Domain STEP1: Log into the application and disable the WLAN. STEP2: Assign a VLAN and perform the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select a WLAN. 3. Click to edit the VLAN Domain field. 4. Select the desired VLAN Domain and click the Apply. STEP3: Enable the WLAN (section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN) 6.1.13 Configuration QoS 6.1.13.1 DSCP Marking DSCP (Differentiated services code point) is a DiffServ header code that can be used to define the quality of service across the Internet. In Relay2’s Cloud Service Manager v1.4.0, DSCP marking applies to SIP VoIP sessions (RTP video and audio flow). DiffServ (Differentiated services) is a computer networking architecture that specifies a mechanism for classifying and managing network traffic and providing quality of service (QoS) on IP networks. DiffServ can, for example, be used to provide low-‐latency to critical network traffic such as voice or streaming media while providing simple best-‐effort service to non-‐critical services such as web traffic or file transfers. When DSCP Marking is enabled, the 6-‐bit DSCP code will be included in the IP header for packet classification purposes. Relay2 APs can then differentiate between latency sensitive packets and non-‐
critical services. STEP1: Log into the application and disable the WLAN. STEP2: Enable/disable the DSCP Marking. Perform the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select a WLAN. 3. Click Edit to view all the advanced settings. 4. Check/uncheck DSCP Marking to enable/disable this feature. 5. Click Apply. STEP3: Enable the WLAN (section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN) Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
66
Version 1.7.1
6.1.14 Multicast Optimization Multicast Optimization feature is to turn multicast into uni-‐cast, which helps to improve radio performance. Typically multicast packets are transmitted at low data rates and hence take more air time, while uni-‐cast packets are transmitted at higher data rates and correspondingly take less air time. When Multicast Optimization feature is enabled, the AP will convert downstream, multicast packets to WiFi clients into uni-‐cast packets. Below is an explanation of this process: • The AP listens to multicast group JOIN and LEAVE messages from the clients and builds a table of which clients belong to which groups. • When a downstream, multicast packet is received for a group MAC address, the AP checks which clients belong to this group and makes copies of the packet and uni-‐casts them to each client. • If no WiFi client belongs to the group, the AP drops the packet. The feature is intended to be used for small home networks where the number of STAs is small (<10) and the number of multicast groups is small (< 10). It is primarily meant for IPTV deployments where video traffic is multicast. STEP1: Log into the application and disable the WLAN. STEP2: To configure Multicast perform the following steps 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select a WLAN. 3. Click Edit to view all the advanced settings. 4. In Multicast Optimization IGMP snooping is enabled which is the default. Multicast traffic will only be sent to the WLANs which have the clients joined in the multicast group, which is learnt from IGMP snooping. 5. Check Optimization to convert downstream multicast packets to WiFi clients into uni-‐cast packets. 6. Click Apply. Multicast IGMP Snooping (check option to select) Optimization (check option to select) STEP3: Enable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
67
Version 1.7.1
6.1.15 Configuring WLAN Bandwidth Control per AP You can limit the uplink/downlink bandwidth for APs in a WLAN. This bandwidth limit is applied to each AP under this WLAN so that each AP cannot surpass the downlink or uplink limits imposed. For instance, a network administrator can use this feature to limit overall bandwidth across a guest WLAN or student WLAN to help ensure essential functions on other WLANs operate smoothly. STEP1: Log into the application and disable the WLAN. STEP2: Set the Bandwidth Limit by performing the following steps: 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select a WLAN. 3. Click Edit to show all advanced settings. 4. Define Download Bandwidth (DL BW) limit and Upload Bandwidth (UL BW) limit in Mbps. 5. Click Apply. WLAN bandwidth control per AP DL BW Limit (Mbps) Range 0~400 UL BW Limit (Mbps) Range 0~400 STEP3: Enable the WLAN. 6.1.16 Configuring Pre-‐authentication Pre-‐authentication is an 802.11i feature that allows pre-‐authentication between a client and an un-‐
associated AP for improvement in hand-‐off performance. STEP1: Log into the application and disable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN) STEP2: Enable/disable Pre-‐authentication 1. Click Configure -‐> WLAN. 2. Click the Profile Name to select a WLAN. 3. Click Edit to view all the advanced settings 4. Check/uncheck Pre Authentication to enable/disable this feature. 5. Click Apply. STEP3: Enable the WLAN. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
68
Version 1.7.1
6.1.17 Configuring Client Load Balancing With Client Load Balancing enabled, Relay2’s CWMS can automatically re-‐distribute clients on a per-‐WLAN basis to better accommodate for spikes in client load, such as high throughput or high client count. When this feature is enabled, all AP’s on a particular WLAN act as a group and clients can be encouraged to connect to nearby Relay2 APs depending on radio channel utilization, AP CPU usage, and the number of clients connected to each AP. This feature only impacts new clients. It does not divert existing clients to other APs. Load balancing can be useful for an administrator that is trying to improve performance in a deployment that is having issues with one or more APs that is overloaded with active clients. Encouraging clients to associate with another less laden AP can improve overall performance of the system. STEP1: Log into the application and disable the WLAN. STEP2: Enable/disable Load Balance, perform the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select a WLAN. 3. Click Edit to view all the advanced settings. 4. Check/uncheck Client Load Balance to enable/disable this feature. 5. Click Apply. STEP3: Enable the WLAN (section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN) 6.1.18 Configuring Client Control The following fields are displayed in Configuring Client Control: Client Control Accept New Client Client to Client Blocking Band Steering 6.1.18.1 New Client Connection STEP1: Log into the application and disable the WLAN. STEP2: Enable/disable Client Control, perform the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select the WLAN. 3. Check/uncheck Accept New Client to enable/disable New Client Connect policy to this WLAN. 4. Click Apply. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
69
Version 1.7.1
STEP3: Enable the WLAN. 6.1.18.2 Client-‐to-‐Client Blocking Client-‐to-‐client blocking is also known as peer-‐to-‐peer blocking in WLAN terminology. This feature is used to prevent guest users from having peer-‐to-‐peer connectivity on the guest VLAN or subnet. This prevents the possibility of one guest client attacking another while they are connected to the same guest WLAN. STEP1: Log into the application and disable the WLAN. STEP2: Enable/disable Client-‐to-‐Client Blocking for WLAN, perform the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select the WLAN. 3. Check/uncheck Client-‐to-‐Client Blocking to enable/disable Client-‐to-‐Client Blocking policy to this WLAN. 4. Click Apply. STEP3: Enable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). 6.1.19 Band Steering Band steering is the act of an AP steering clients from the 2.4GHz band to the 5GHz band in order to reduce contentions for the busy 2.4GHz band resources. Normally the 5GHz band has more available channels and is generally used less than the 2.4GHz band. By steering some clients which support 5GHz radio, APs can provide opportunities for better throughput to those clients operating in the quieter 5GHz spectrum, while also easing congestion for other clients remaining in the 2.4GHz spectrum. When the 5GHz radio is overloaded, which means the number of clients associated with all neighbors on their 5 GHz radios reaches their load limits, the APs suspend band steering. They automatically resume it again when their 5GHz radios are no longer overloaded. STEP1: Log into the application and disable the WLAN. STEP2: Enable/disable Band Steering by performing the following steps: 1.
2.
3.
4.
Click Configure -‐> WLAN. Click Profile Name to select the WLAN. Check/uncheck Band Steering to enable/disable this feature. Click Apply. STEP3: Enable the WLAN. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
70
Version 1.7.1
6.1.20 Configuring Network 6.1.20.1 DHCP Server By default, the Relay2 WLAN System sets all clients to obtain their IP addresses from a DHCP server that is reachable on the local network. This way, all of the clients’ DHCP requests are broadcasted onto the same subnet. If the administrator would like to use an external DHCP server, he/she can configure the DHCP server IP address in the WLAN configuration page, which will allow the AP to relay DHCP broadcast requests from the clients associated to the WLAN. The DHCP Server can be configured at the WLAN level, as well as for the Mobility Domain. When both are configured, the DHCP Server at WLAN level will be utilized. The following are the fields for the Network: Network Primary DHCP Server Secondary DHCP Server STEP1: Log into the application and disable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). STEP2: Select DHCP Server by performing the following steps 1. Click Configure -‐> WLAN. 2. Click Profile Name to select the WLAN. 3. Enter IP Addresses of the Primary DHCP Server and the Secondary DHCP Server 4. Click Apply. STEP3: Enable the WLAN. 6.1.20.2 Configuring 802.11 6.1.20.3 Configuring DTIM In 802.11a/n and 802.11b/g/n networks, access points broadcast a beacon at regular intervals, which coincides with the Delivery Traffic Indication Message (DTIM). After the access point broadcasts the beacon, it transmits any buffered broadcast and multicast frames based on the value set for the DTIM period. This feature allows power-‐saving clients to wake up at the appropriate time if they are expecting broadcast or multicast data. The range of DTIM is from 1 to 255, and typically set at 1 or 2. For example, if the beacon period is 100ms and the DTIM value is set to 50, the access point transmits buffered broadcast and multicast frames once every 5 seconds (100ms*50). This rate allows the power-‐saving clients to sleep longer before they have to wake up and listen for broadcasts and multicasts, which results in a longer battery life. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
71
Version 1.7.1
The following fields need to be set to configure DTIM: 802.11 DTIM 802.11a/n Period 802.11a/n Data Rate (Mbps) DTIM 802.11b/g/n Period 802.11b/g/n Data Rate (Mbps) STEP1: Log into the application and disable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). STEP2: Configure DTIM by performing the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select a WLAN. 3. Click and modify the DTIM 802.11a/n and/or DTIM 802.11b/g/n values (range in 1 to 255). If value entered not in this range, the screen will display an error message. Data Rates for 802.11a/n and 802.11b/g/n are automatic. 4. Click Apply. STEP3: Enable the WLAN. 6.1.21 Configuring Service 6.1.21.1 RSSI This section describes the Client Stats Service. The AP will periodically (configurable “Reporting Interval” range 3 -‐ 300secs) send Client Stats reports to configured “External RSSI WS URL”, if a valid URL is given. The report contains all associated clients’ RSSI at the time the report is sent as well as all of the probing clients’ RSSI during the reporting period. The URL can be in https format when the receiving server is on the Internet. This report is sent for both 2.4Ghz and 5Ghz clients separately. The report can be automatically sent to the Relay2 Cloud if Archive to Cloud is selected. In this case, you can download and view the report via the Cloud Wireless Manager. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
72
Version 1.7.1
The following fields need to be set to configure RSSI: RSSI External RSSI WS URI Reporting Interval (seconds) Archive to Cloud STEP1: Log into the application and disable the WLAN. STEP2: Set URL and Reporting Interval by performing the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select a WLAN. 3. Key in the External RSSI Web Service URL. 4. Set Reporting Interval in seconds (3~300 seconds). 5. Check Archive to Cloud if you want to view and download the report on Cloud Wireless Manager. 6. Click Apply. STEP3: Enable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). 6.1.21.2 Configuring HTTP URL Capture With this feature enabled, the HTTP URLs that WLAN users access will be recorded and sent to the Cloud Wireless Manager. It can be used for further analysis, for example, to understand trends in web browsing activities of connected clients. STEP1: Log into the application and disable the WLAN. STEP2: Enable/disable HTTP URL by performing the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select the WLAN. 3. Check/uncheck HTTP URL Capture -‐> Enabled to enable/disable this feature. 4. Click Apply. STEP3: Enable the WLAN. 6.1.21.3 Configuring Web Cache A web cache is a mechanism for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage and server load, or to improve user experience. A web cache stores copies of documents passing through it; subsequent requests may be satisfied from the cache if same content is requested. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
73
Version 1.7.1
Relay2 supports a built-‐in web cache in the AP. Customers can configure a web domain in WLAN settings to define which web site is to be cached. STEP1: Log into the application and disable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). STEP2: Enable/disable HTTP URL by performing the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select the WLAN 3. Type in the website URL in Web Cache Domain. 4. Click Apply. STEP3: Enable the WLAN. 6.2 Configuring a WLAN Template This feature allows the user to manage WLAN templates. A list of the existing WLAN templates are listed on this page. You can add, delete or update an existing template. You can also add a WLAN based on a saved template. The WLAN configuration parameters that are included in a WLAN template are listed as follows. Configure → WLAN Template Name WLAN Type Admin Status Security Policy Broadcast SSID Radio Policy Click on the template name to update the template information or to view additional details. The data associated with a WLAN Template is only applicable when a user adds a new WLAN. In this case, the new WLAN will be automatically filled in with the WLAN Template data. After that, updating WLAN Template data will not affect any existing WLAN profiles that were created from the WLAN Template. WLAN template also includes the assignments of various profiles, e.g.. ACL Policy, MAC Filter, URL Block List, Allowed Domain, Web Cache Domain, etc. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
74
Version 1.7.1
6.3 Configuring Security Solution List The following security options are listed in the Security menu option. Configure → Security ACL Policy Profile MAC Filter Profile Client Black Profile White List Profile Radius Server URL Block Profile Allowed Domain Profile 6.3.1 ACL Policy Profile The ACL Policy Profile page lists all the policy names. Configure → Security→ ACL Policy List Policy Name Command 6.3.2 Adding and Deleting an ACL STEP1: To add a new ACL, perform the following steps: 1. Click Configure -‐> Security. 2. Click the Security drop-‐down and select ACL Policy List to display a list of ACL policy names 3. Click Add. 4. Enter a name for Policy Name in the input field and then click on the icon. 5. Click on the newly created Policy link under the Policy Name list. 6. Click Apply and Confirm in the pop-‐up window and click on the ACL name link in the list to enter values for the ACL Policy. l
Source: Any or a specific IP Address (IP and netmask) l
Dest: Any or a specific IP Address (IP and netmask) l
Protocol: Choose from list l
Src Port: Choose from list ¡
Dest Port: Choose from list Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
75
¡
Direction: Upstream only ¡
Action: Deny, Permit 7. Click Apply. The following fields are displayed in adding a new ACL. Configure → Security → ACL Policy List → Add New Name Length: 1-‐32 Edit Sequence # Action Src IP/MASK Src Port Destination IP/MASK Destination Port Protocol Direction Adjust Sequence Command Source Any IP Address Destination Any IP Address Protocol Any TCP UDP Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
76
Version 1.7.1
Version 1.7.1
Direction Upstream Action Permit Deny STEP2: Deleting an ACL (if needed). 1. Click Configure -‐> Security. 2. Click the Security drop-‐down and select ACL Policy List, to display a list of ACL policy names. 3. Click the button of the ACL you want to delete. Click Confirm in the pop-‐up window. The page will be refreshed and the selected ACL is removed from the ACL Policy List. Refer to section 4.2.7 Adding and Deleting MAC Filters to a WLAN to assign ACL to WLAN. Additional fields are listed below when adding a new ACL. Configure → Security→ ACL Policy List→ Add New → Protocol Protocol Any TCP UDP TCP Source Port HTTP HTTPS Telnet Radius Authorization Radius Account DHCP DHCP Server DNS L2TP PPTP Control FTP Control Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
77
SMTP SNMP LDAP Kerberos NetBios Name NetBios Data NetBios Session MS Directory Service UDP Source Port HTTP HTTPS Telnet Radius Authorization Radius Account DHCP DHCP Server DNS L2TP PPTP Control FTP Control SMTP SNMP LDAP Kerberos NetBios Name NetBios Data NetBios Session MS Directory Service Other Port Range Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
78
Version 1.7.1
TCP Destination Port HTTP HTTPS Telnet Radius Authorization Radius Account DHCP DHCP Server DNS L2TP PPTP Control FTP Control SMTP SNMP LDAP Kerberos NetBios Name NetBios Data NetBios Session MS Directory Service Other Port Range UDP Destination Port HTTP HTTPS Telnet Radius Authorization Radius Account DHCP DHCP Server Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
79
Version 1.7.1
Version 1.7.1
DNS L2TP PPTP Control FTP Control SMTP SNMP LDAP Kerberos NetBios Name NetBios Data NetBios Session MS Directory Service Other Port Range 6.3.3 MAC Filter List The MAC Filter profile can be viewed in this page. The following information is displayed. Configure → Security → MAC Filter List MAC Filter Profile Name Command 6.3.4 Adding and Deleting MAC Filters STEP1: To add a new MAC Filter, perform the following steps: 1. Click Configure -‐> Security. 2. Click the Security drop-‐down and select MAC Filter List to display a list of MAC Filter names. 3. Click Add. 4. Enter the MAC Filter Profile Name and MAC Address in the pop up window and then click the Add button. The following information needs to be populated. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
80
Version 1.7.1
Configure → Security → MAC Filter List → Add MAC Filter MAC Filter Profile Name MAC Address Description The newly added MAC Filter Profile is shown in the Configure—>Security： MAC Filter List STEP2: To delete a MAC Filter (if needed), perform the following steps: 1. Click Configure -‐> Security. 2. Click the Security drop-‐down and select MAC Filter List to display a list of MAC Filter names. 3. Click the button of the MAC Filter you want to delete and then click Confirm in the pop-‐up window. The page will be refreshed and the selected MAC Filter removed from the list. Please refer to section 4.2.8 Assigning MAC Filtering to WLAN to assign MAC Filtering to WLAN 6.3.5 Client Black Lists The Client Black List can be viewed in this page. The following information is displayed. Configure → Security → Client Black List Client MAC Address Description 6.3.6 Adding and Deleting Client Black Lists STEP1: To add a client to Black List, perform the following steps: 1. Click Configure -‐> Security. 2. Click the Security drop-‐down and select Client Black List to display a list of Client MAC Addresses. 3. Click Add. 5. Enter the MAC Address in the pop up window and then click Confirm. The following information needs to be populated. Configure → Security → Client Black List → Add Clients MAC Address Description The newly added MAC address is shown in the Configure-‐>Security: Client Black List. STEP2: To delete a client from Black List, perform the following steps: Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
81
Version 1.7.1
1. Click Configure -‐> Security, 2. Click the Security drop-‐down and select Client Black List to display a list of Client MAC Addresses. 3. Click the Delete button of the Client MAC Address you want to delete then click Confirm in the pop-‐up window. The page will be refreshed and the selected Client MAC Address is removed from the list. Refer to section 4.2.5 Configuring the WLAN Security to enable Client Black List for WLAN. 6.3.7 White List Profile The White list Profiles can be viewed in this page. The following information is displayed. Configure → Security → White List White List Profile Name Command 6.3.8 Adding and Deleting White Lists STEP1: To add a new White List, perform the following steps: 1. Click Configure -‐> Security. 2. Click the Security drop-‐down and select White List. 3. Click Add. 4. Enter a name for the White List Profile Name and enter the MAC Address in the pop up window then click Add. The following information needs to be populated to add a new White List Profile. Configure → Security→ White List → Add White List White List Profile Name MAC Address Description STEP2: Check the new White List. 1. Click Configure -‐> Security-‐>White List. 2. Click on the newly created white list profile name in the list, you will see the Client MAC Address. This MAC addresses will now be able to access all WLANs without authentication. STEP3: To delete a White List (if needed), perform the following steps: 1. Click Configure -‐> Security-‐>White List. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
82
Version 1.7.1
2. Click the button of the white list you want to delete and then click Confirm in the pop-‐up window. The page will be refreshed and the selected white list removed from the list. 6.3.9 Radius Server The Radius Server can be viewed in this page. The following information is displayed. Configure → Security → Radius Server Server Type Server Address Port Command 6.3.10 Adding and Deleting a Radius Server Radius Server configuration is needed for 802.1x. STEP1: To add a new Radius Server, perform the following steps: 1. Click Configure -‐> Security. 2. Click the Security drop-‐down and select Radius Server to display a list of Radius Server names. 3. Click Add and enter the necessary information below: •
Server Type: Authentication or Accounting •
Server Address: The IP address of the server •
Shared Secret Format: ASCII or HEX •
Shared Secret Format & Passcode: The passcode shared between radius client and radius server •
Server Port: The port number of the Radius server, typically 1812 for Radius protocol. You can change it but you need to ensure that both client and server are using the same port number. •
Retransmit Timeout (sec): The timer that Radius Client determines message lost and retransmit 4. Click Apply. The page will be refreshed and the newly added Radius Server will be shown in the List. STEP2: To delete Radius Server (if needed) , perform the following steps: 1. Click Configure -‐> Security. 2. Click the Security pull-‐down and select Radius Server to display a list of Radius Servers. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
83
Version 1.7.1
3. Click the button of the Radius Server you want to delete and then click Confirm in the pop-‐up window. The page will be refreshed and the selected Radius Server is removed from the list. See screen on next page. 6.3.11 URL Block Profile The URL Block Profile can be viewed in this page. The following information is displayed. Configure → Security → URL Block List URL Block Profile Name Command 6.3.12 Adding URL Block List STEP1: To add a new URL Block List, perform the following steps: 1.
2.
3.
4.
Click Configure -‐> Security. Click the Security expandable menu and select URL Block List. Click Add. Enter a name for URL Block Profile and enter the URL and short description in the pop up window. Click on the 5. Click Add. icon to add additional profiles. The page will be refreshed and the newly added URL Block profile is shown in the List. STEP2: To delete a URL Block List (if needed), perform the following steps: 1. Click Configure -‐> Security. 2. Click the Security drop-‐down and select URL Block List to display a list of URL Block profiles. 3. Click the button of the URL Block profile you want to delete and then click Confirm in the pop-‐
up window. The page will be refreshed and the selected URL Block profile removed from the list. 6.3.13 Allowed Domain Profile The Allowed Domain Profile names can be viewed in this page. The following information is displayed. Configure → Security → Allowed Domain List Allowed Domain Profile Name Command Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
84
Version 1.7.1
6.3.14 Adding an Allowed Domain Profile Name STEP1: To add a new URL Block List, perform the following steps: 1. Click Configure -‐> Security. 2. Click the Security drop-‐down and select Allowed Domain Profile to display a list of Allowed Domain Profile names. 3. Click Add. 4. Enter the Allowed Domain Profile Name, MAC Address and Description in the pop up window and then click the Add button. The following information needs to be populated. Configure → Security → Add Allowed Domain Profile Allowed Domain Profile Name Domain Name Example: www.relay2.com The newly added Allowed Domain Profile is shown in the Configure—>Security： Allowed Domain Profile STEP2: To delete a MAC Filter (if needed), perform the following steps: 1. Click Configure -‐> Security. 2. Click the Security drop-‐down and select Allowed Domain Profile to display a list of Allowed Domain Profile names. 3. Click the button of the Allowed Domain Profile name you want to delete and then click Confirm in the pop-‐up window. The page will be refreshed and the selected MAC Filter removed from the list. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
85
Version 1.7.1
7.0 Services This section describes the Web Services offered by the Relay2 Cloud Wireless Manager. The following services are provided. Services Web Cache Domain Profile Web Cache Refresh URL Profile AP MAC Insertion Domain Profile HTTP Capture Files Client RSSI Files Banner Insertion 7.1 Web Cache Domain Profile A web cache is a mechanism for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage and server load, or to improve user experience. A web cache stores copies of documents passing through it; subsequent requests may be satisfied from the cache if same content is requested. Relay2 supports a built-‐in web cache in the AP. Customers can configure a web domain in WLAN settings to define which web site is to be cached. In previous releases only one single Web Cache Domain for a WLAN was supported. This feature has been enhanced to allow a user to add one or more than one Web Cache Domains for a WLAN. Currently, each WLAN can support up to 5 cache domain names (URLs). For instance, if a customer wants to cache any static requests from the following domains, a.com, b.com, c.com, d.com, e.com, then any requested URL containing one of the domains in the list will be cached by the AP. For example, A gets a request for URL http://a.com/game/nbagame?device=android from the client device, then the AP matches the domain name a.com, and caches the response data in the AP. This list of cached domain profiles can be viewed by clicking the Services menu option and selecting Web Cache Domain Profile. The following information is displayed on the Web Cache Domain Profile page. Services → Web Cache Domain Profile Web Cache Domain Profile Name Command Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
86
Version 1.7.1
7.1.1 Configuring Web Cache Perform the following steps to configure a web cache: STEP1: Log into the application and disable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). STEP2: Enable/disable HTTP URL by performing the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select the WLAN. 3. Type in the website URL in Web Cache Domain. 4. Click Apply. STEP3: Enable the WLAN. 7.1.2 Adding a Web Cache Domain Profile Perform the following steps to add a web cache domain profile: 1. Click on the Add button on the Web Cache Domain Profile page. The Add Web Cache Domain Profile window displays. 2. Key in the profile name in the Web Cache Domain Profile Name field. 3. Key in the domain name. 4. Click the Add button to add a new web cache domain profile. 5. Click on the icon to add additional profiles or click on the icon to delete a profile. The following information is displayed on the web cache domain profile page. Services → Web Cache Domain Profile → Cached Demo Sites Name Domain Name Add Each Web Cache Domain Profile can have up to 5 domain (host) names. Services → Web Cache Domain Profile → Content Cache Demo Name Domain Name Add Multiple Web Cache Domain Domain Name (Example: www.relay2.com:8080) Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
87
Version 1.7.1
7.2 Web Cache Refresh URL Profile The Web Cache Refresh Profile allows the user to add, update or delete the Web Cache URL profile. The user can select a WLAN and a profile, then refresh the web cache on all APs within the WLAN for all URLs included in the profile. The WLAN ID, profile ID and refresh time can be viewed, if required. Whenever an AP joins, NMS need to send AP the profile and the refresh time of the last refresh action for each WLAN. The user can import the Web Cache URL profile from a .txt file. The user can also create a new profile by importing a .txt file. An existing profile can be updated by importing a .txt file. In this case, the existing URL list is completely replaced with the content from the .txt file. The following information is displayed on the Web Cache Domain Profile page. Services → Web Cache Refresh URL Profile Web Cache URL Profile Name Command 7.2.1 Adding a Web Cache URL Profile Perform the following steps to add a web cache URL profile: 1. Click on the Add button on the Web Cache Domain Profile page. The Add Web Cache URL Profile window displays. 2. Key in the profile name in the Web Cache URL Profile Name field. 3. Key in the URL, in the following format: http://domain:port/path?url_encoded_query_string#fragment_id. The maximum length is 2000 characters. 4. Click the Add button to add a new web cache URL profile. 5. Click on the icon to add additional profiles or click on the icon to delete a profile. 7.2.2 Importing a Web Cache URL Profile Perform the following steps to import a web cache URL profile: 1. Click on the Import button on the Web Cache Refresh URL Profile page. The Import Web Cache URL Profile window displays. 2. Key in the profile name in the Web Cache URL Profile Name field. 3. Choose the file in the Web Cache URL Profile File field. 4. Click Import to import the file(s). Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
88
Version 1.7.1
7.3 AP MAC Insertion Domain Profile The AP Mac Insertion Domain Profile lets the user configure the domain to insert the AP MAC address in the HTTP header to track where the AP was routing the traffic from. This is implemented through the web proxy. The following information is displayed on this page. Services → AP MAC Insertion Domain Profile AP MAC Insertion Domain Profile Name Command 7.3.1 Adding a AP MAC Insertion Domain Profile Perform the following steps to add a web cache URL profile: 1. Click on the Add button on the AP MAC Insertion Domain Profile page. The Add AP MAC Insertion Domain Profile window displays. 2. Key in the profile name in the AP MAC Insertion Profile Name field. 3. Key in the domain name. 4. Click the Add button to add a new web cache URL profile. 5. Click on the icon to add additional profiles or click on the icon to delete a profile. NOTE: This feature is available only on the Relay2 Enterprise Smart AP RA200. 7.4 HTTP Capture Files HTTP URLs that are accessed are captured by the HTTP Capture Files feature. The following information is displayed on this page. Services → HTTP Capture Files AP MAC File Name Size Time 7.4.1 Configuring HTTP URL Capture With this feature enabled, the HTTP URLs that WLAN users access will be recorded and sent to the Cloud Wireless Manager. It can be used for further analysis, for example, to understand trends in web browsing activities of connected clients. STEP1: Log into the application and disable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
89
Version 1.7.1
STEP2: Enable/disable HTTP URL by performing the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select the WLAN. 3. Check/uncheck HTTP URL Capture -‐> Enabled to enable/disable this feature. 4. Click Apply. STEP3: Enable the WLAN. 7.4.2 Deleting an HTTP URL Capture File Select an HTTP URL Capture file and click the Delete button to delete the file. 7.4.3 Downloading an HTTP URL Capture File Select an HTTP URL Capture file and click the Download button to download the file. 7.5 Client RSSI Files This section describes the Client Stats Service. The AP will periodically (configurable “Reporting Interval” range 3 -‐ 300secs) send Client Stats reports to configured “External RSSI WS URL”, if a valid URL is given. The report contains all associated clients’ RSSI at the time the report is sent as well as all of the probing clients’ RSSI during the reporting period. The URL can be in https format when the receiving server is on the Internet. This report is sent for both 2.4Ghz and 5Ghz clients separately. The report can be automatically sent to the Relay2 Cloud if Archive to Cloud is selected. In this case, you can download and view the report via the Cloud Wireless Manager. The following information is displayed on this page. Services → Client RSSI Files AP MAC File Name Size Time STEP1: Log into the application and disable the WLAN. STEP2: Set URL and Reporting Interval by performing the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select a WLAN. 3. Key in the External RSSI Web Service URL. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
90
Version 1.7.1
4. Set Reporting Interval in seconds (3~300 seconds). 5. Check Archive to Cloud checkbox if you want to view and download the report on Cloud Wireless Manager. 6. Click Apply. STEP3: Enable the WLAN (refer to section 3.3.1). 7.5.1 Deleting a Client RSSI File Select a Client RSSI file and click the Delete button to delete the file. 7.5.2 Downloading a Client RSSI File Select a Client RSSI file and click the Download button to download the file. 7.6 Banner Insertion Banner Insertion allows the AP customer to create an overlay the icon/banner on the original webpage that was transported through Relay2 AP and displayed on the client device. When banner insertion is enabled, the client’s connected Relay2 AP will insert the banner that will be displayed on top of the background web page by the client’s web browser. The program to compose the overlay image and link is to be provided by the service provider or AP customer. The Relay2 Cloud management system provides a user Interface to upload the program as a package to Relay2 App stores. The programming language has to be either HTML or Java Script. The Overlay package can be applied to one or many WLAN profiles through Cloud Management System GUI. Once the package installed in a particular WLAN, then any banner page transported from this WLAN will have the overlay content displayed. Note, the banner insertion is only working for HTTP protocol through port 80 and content type must be HTML. It currently does not work for HTTPS protocol or any other content types. The following information is displayed on the banner insertion page. Services → Banner Insertion App File Name Type Last Upload Time Use Count Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
91
Version 1.7.1
7.6.1 Uploading Files for Banner Insertion Perform the following steps to upload files for banner insertion: 1. Click Services -‐> Banner Insertion. 2. Click the Upload New button. 3. The Upload Package (New) window displays with the following information. Services → Banner Insertion → Upload Package (New) Package Type (drop-‐down list) Package Name (Choose file) Select WLAN for this Package WLAN Profile SSID Admin Status WLAN Type 4. Banner Insertion is the default option displayed in the Package Type field. 5. Click on the Choose File button to upload the file you would like to display as the banner. Only .zip files can be uploaded. 6. Locate the file, select it and click Choose. 7. The file will be displayed in the Package Name field. 8. Click Apply. All the files uploaded on the banner insertion page will display in the Configure -‐> WLAN -‐> Update page in the Banner Insertion drop down list. 7.6.2 Configuring Banner Insertion Perform the following steps to configure banner insertion: STEP1: Log into the application and disable the WLAN (refer to section 4.2.1 Displaying, Creating, Enabling, Disabling and Deleting WLAN). STEP2: Enable/disable banner insertion by performing the following steps: 1. Click Configure -‐> WLAN. 2. Click Profile Name to select the WLAN. 3. Click on the arrows icon in the Banner Insertion field. Select a .zip file from the list. All the files uploaded in the Banner Insertion page will be listed in the drop down list. The default is none. 4. Click Apply. STEP3: Enable the WLAN. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
92
Version 1.7.1
7.6.3 Adding New Banners New banners can be created and added using the banner insertion wizard. The following information is displayed on this page. Services → Banner Insertion → Add New This wizard creates a package for displaying advertising or messaging content on the specified WLAN Banner Image (choose file) Note: Image file may be .jpg/.jpeg/.gif/.png only. Maximum size is 100KB Alt Text (alternative text for the image) Location: Bottom Left Bottom Center Bottom Right Background Color (#) Transparency (%) Ratio (%) Link URL (Client will be re-‐directed to URL if banner is clicked) Enable Hide Banner Minutes (Note: RA100 not supported) Hide Duration Minutes (Note: RA100 not supported) Perform the following steps to add new banners to the application: 1. Click the Host New button. 2. Choose an image file you would like to upload for the banner insertion. The maximum size of the file cannot exceed 100KB. Only the following image files can be used. • JPG • JPEG • GIF • PNG 3. In the Alt Text field key in the text you would like to display when the mouse is hovered over the banner. 4. Configure the Location, Background Color, Transparency and Ratio of the banner, ratio being the size of the banner as compared to the overall screen. 5. Key in the URL in the Link field where the client will be re-‐directed if the banner is clicked. Check the Enable Hide Banner checkbox to make the banner disappear once the client is at the site. You Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
93
Version 1.7.1
can set the time duration in minutes to hide the banner in the Hide Duration field. This feature is not available for the RA100. 6. Configure the duration the banner will be hidden by keying in the number of minutes in the Hide Duration field. Check the Enable checkbox to enable the Close Button feature. This feature is not available for the RA100. 7. Click Next. A preview of the banner will be displayed on the desktop screen. 8. Click the Tablet tab to preview the banner on a tablet. Click the Portrait and Landscape radio buttons to toggle between the two displays. 9. Click the Phone tab to preview the banner on a phone. Click the Portrait and Landscape radio buttons to toggle between the two displays. 10. Clicking Next will take you to the Services -‐> Banner Insertion -‐> Add New page. Select a WLAN for the package by entering a package name in the field provided. The maximum length of the package name is 59 letters. Only alpha-‐numeric, period (.), hyphen (-‐) and underscore (_) are allowed. 11. Select a WLAN profile by clicking on the checkbox of a WLAN profile. You can select multiple WLAN profiles. 12. Click Apply to apply the banner insertions to the selected WLAN profiles. 13. Click Cancel if you would like to cancel this action. 7.6.4 Deleting an App Filename in Banner Insertion Perform the following steps to delete an app filename in banner insertion: 1. Select the App Filename by clicking on the checkbox next to it. 2. Click the Delete Selected button. 3. Click Confirm to confirm the deletion. 7.6.5 Overlay Relay2 APP package This section describes how to manually create banners. Before the package can be loaded to Relay2 App store, the entity configuring is responsible to write the HTML/JS program. The package should be a zip file format, which contains the overlay scripting file and the manifest file. The format of manifest content has to follow Relay2 manifest format: Syntax: <relay2 manifest keyword> “<html_insert_content>”
<relay2 manifest keyword> : “r2_html_insert”
<html_insert_content> : <html script file name>
The file name of the manifest is “MANIFEST”. The following is an example: A Java Script file which displays a WiFi icon on each web page and is an embedded web URL. The file name is home_page_icon.js. Its content is the following: <script>
(function(){
94
Version 1.7.1
var btn=document.createElement(“div”),id=”relay2Homebutton”;
btn.innerHTML=’<a href=”http://192.168.3.2/relay2.html”><img
src=”http://192.168.3.2/relay2.png” alt=”Relay2”></a>’;
btn.id=id;
btn.setAttribute(“style”,”display:none;position:fixed;
bottom:30px; right:10px; z-index:9999; width:42px; height:42px;
padding:4px; background-color:#FF0000; border-radius:5px;”);
document.body.appendChild(btn);
var topBtn=top.document.getElementById(id);
if(topBtn)topBtn.style.display=”block”;
})();
</script>
A manifest file MANIFEST associates with the overlay script file. Its content is as follows: “r2_html_insert “home_page_icon.js”
To build a Relay2 APP package use the zip utility under a Unix/Linux desktop: “zip relay2_home_icon_overlay MANIFEST home_page_icon.js”
The Relay2 APP package is built with the name “relay2_home_icon_overlay.zip.” It is now ready to upload the package to the Relay2 APP store. The following steps illustrate how to upload via the Relay2 Cloud manager UI.
STEP1: Go to Tools-‐>AP App Store. Click the Upload New tab to upload your overlay package. STEP2: Follow the Upload Package (New) wizard to load the package. Perform the following steps: 1. Select package type HTML Insertion. 2. Choose the file from your desktop. 3. You can optionally select one or many WLAN profiles for the package to apply. 4. Click Apply after all the fields set. The applied package is then uploaded to the Relay2 App Store database. The associated WLANs configurations will be applied with the overlay package if the WLAN(s) were selected in STEP2. To double-‐check if the package has been configured with associated WLAN, go to Configure-‐>WLAN-‐> Update and make sure the field Banner Insertion contains the package name which was just uploaded from STEP2. The Banner insertion feature is enabled at this point. The web page from client browser should display the overlay image. The following screen capture is an example showing on the client browser. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
95
96
Version 1.7.1
Version 1.7.1
8.0 Reports An SP administrator can create reports with information relating to certain AP statistics (Audit, AP Health, Client Station, etc.) within a defined time range. The report output is in PDF format, which can be reviewed either on the Cloud-‐based Wireless Management system portal or downloaded to your computer. The following data is displayed in the Reports tab. Reports → Report List Name Type Generated By Generated Time From Time To Time Format Status Account 8.1 Generating Reports Perform the following to generate a report. 1. Click Reports -‐> Run Report. 2. Enter the report name and select the report type (Audit/AP Health/Client Station Statistics/Event/Client Station History). 3. Select the starting and ending time of the report. 4. Click Apply. The different report screens are displayed below: Audit Report The Audit report has the following fields that need to be populated: Name Type Sort By Sort Type Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
97
Account Time Zone User Daylight Savings Time Time Frame Type File Format AP Health Report The Health report has the following fields that need to be populated: Name Type Account Time Zone Time Frame Type File Format Client Station Statistics Report The output file format can be PDF, CSV and Excel. The Client Station Statistics report has the following fields that need to be populated: Name Type Group By Account Time Zone User Daylight Savings Time Time Frame Type File Format Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
98
Version 1.7.1
Version 1.7.1
Event Report Various filters as shown in the screenshot below can be used to view specific data in the Event Report. To apply a filter, select the checkbox next to the filter and click Apply. The Event report has the following fields that need to be populated: Name Type Sort By Show (Filtered). The data can be filtered by the following filters: AP Join AP Join Complete AP Join Failed AP Lost Connection AP Status Up AP Radio Status Down AP Radio Status Up WLAN Status Down WLAN Status Up AP Config Send Failed AP Image Downloading AP Operation Status Detected Rogue AP Account Time Zone User Daylight Savings Time Time Frame Type File Format Client Station History Report The report output supports PDF, CSV and Excel formats. Name Type Show (Filtered). The data can be filtered by the following filters: Client Station MAC AP MAC WLAN Profile Name SSID BSSID Rejected Clients Events Only Account Time Zone User Daylight Savings Time Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
99
Version 1.7.1
Time Frame Type File Format 8.2 Checking Generated Reports Once a report is generated the following data is displayed in the report. Click Reports -‐> Report List to check generated reports. Reports → Report List Name Type Generated By Generated Time From Time To Time Format Status Account 8.3 Viewing Reports Online Click on a report name to open the report in the web browser. 8.4 Saving Reports to a Local Disk Right-‐click on the report name and select Save Target As… to save the report to a local disk in PDF format. 8.5 Delete Report Select the report(s) desired to be removed, and then click Delete Selected. Click Confirm to delete. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
100
Version 1.7.1
9.0 Account Administration Administration configuration contains three parts. They are: •
UAM: Please refer to the User Account Management (UAM) section below for details. •
Account Setting: Defines the timers for Dashboard Refresh, Summary Refresh, Real-‐time Refresh, AP Map Refresh and UI Timeout. •
Notification Settings: You can move a specific system event between Event category and Notification category so that it will be displayed on a different page of the Cloud Service Manager Portal. 9.1 User Account Management (UAM) Before beginning management of your WLAN system, you will need to acquire a master user account from your service provider. Please refer to the section “Before You Start” to understand how to open the master account. The master user account can access all features of your enterprise WLAN system and manage any sub-‐user accounts. Using the master user account, you can manage the enterprise WLAN system by yourself. However, creating other sub-‐user accounts is recommended, especially for multiple site WLAN systems. There are different types of user accounts; each of which has different privileges roles in daily system management. 9.1.1 User Account Types and Privileges There are different roles in the Relay2 Cloud-‐based WLAN system for an enterprise, each of which has different privileges when managing the system.
Monitor Tab Configure Tab Report Tab Admin Tab Tools Tab Administrator Full access read/write Full access read/write Full access read/write Full access read/write Full access read Config Manager Full access read/write Full access read/write Full access read/write No access Full access read Customer Support Full access read Full access read Full access read No access No access Operator Limited access read Limited access read Read No access No access Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
101
Version 1.7.1
9.1.2 Administrator (Super User) Role Administrator (Super User) is the user with the highest level of authority for the entire enterprise WLAN system. Either Relay2 or your Service Provider (SP) will create at least one Administrator user account for each enterprise. This Administrator user can create other Administrator, Config Manager, Customer Support and Operator user accounts. An Administrator can view the AP inventory of their enterprise and have full access to all configuration, administration and monitoring functions of this enterprise. 9.1.3 Config Manager The Config Manager role is granted monitoring and configuring access for the enterprise WLAN system. A Config Manager cannot view the AP inventory or manage user accounts and system level options (the functions under Administration tab). It can configure the WLAN, AP, Mobile Domain and Security options (the functions under Configure tab) and monitor the system running status (the functions under Monitor tab). 9.1.4 Customer Support The Relay2 Customer Support members are allowed for verification and assistance of end users to access WLANs in the coverage of Relay2 products. The Relay2 or Service Provider Administrators can view the system running status (read options under Monitor tab) and the WLAN, AP, Mobile Domain and Security options (read options under Configure tab), but cannot change any configuration settings. 9.1.5 Operator The Operator role is responsible for daily operation of enterprise WLAN system. An Operator user can only view the system running status (read options under Monitor tab) and the WLAN, AP, Mobile Domain and Security options (read options under Configure tab) but cannot change any configuration. 9.1.6 Create User Accounts To create user accounts, perform the following steps: 1. Click the Admin tab to display all the user accounts listed in the UAM page. 2. Click Add User. 3. Enter the User Name in email format, i.e., [email protected], then the First Name and Last Name, and choose desired role as Administrator/Customer Support or Operator. 4. Click Apply. The following fields will need to be populated to add a user: Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
102
Admin Admin →UAM → Add User Name First Name Last Name Password Confirm Password Role: Administrator Config Manager Customer Support Operator The newly added user will be displayed in the Administration -‐> UAM page. 9.1.7 Delete User Accounts To delete user accounts, perform the following steps: 1. Click the Admin tab to display all the user accounts listed in the UAM page. 2. Select user account and click Delete User. 3. Click Confirm in the pop-‐up window. The page will be refreshed and the user account will no longer be displayed in the list 9.1.8 Reset Password To reset the password perform the following steps: 6. Click the Admin tab. All user accounts are listed in the UAM page. 7. Select User Account and then click Reset Password. 8. Click Confirm in the pop-‐up window 9.2 Account Settings You can change several GUI timers, such as: •
Dashboard Refresh Rate: How fast the Dashboard view is refreshed. •
Summary Refresh Rate: How fast the AP Summary view is refreshed. •
Real-‐time Refresh Rate: Refresh in real-‐time. •
AP MAP Refresh Rate: How fast the AP MAP is refreshed. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
103
Version 1.7.1
Version 1.7.1
•
UI Timeout Value: If there is no action on UI for some time, the account will be automatically logged out. •
Auto Authorize: Automatically authorizes the AP to join the account if there are sufficient licenses. If Auto Authorize is disabled, the AP will show up under the AP icon, with a notification that there are APs waiting to join and the user must manually allow them on. •
Heat map Refresh Rate: How fast the heat map is refreshed. •
AP Auto Downgrade: AP Auto Downgrade will allow an older version of the OS to be pushed down to the AP by the DC Owner. If it is disabled, the AP will ignore a request for an older OS to be pushed down to it. To change any of the above, perform the following steps: 1. Click the Admin -‐> Account Setting link. 2. Change the value and click the Apply button. The following information will be displayed: Admin → Account Setting Dashboard Refresh Rate (in seconds) Summary Refresh Rate (in seconds) Realtime Refresh Rate (in seconds) Ap Map Refresh Rate (in seconds) UI Timeout Value (in minutes) Customer Support e-‐mail Customer Support Phone Number Customer Support Address Company Website Company Logo Default Items per Page (15, 20, 30, 45, 60, 75 or 90) 9.3 Notification Setting You can set email address and SMS to receive AP Events and User Events. Email addresses can be separated by a semicolon for multiple email addresses. SMS email addresses need to be in the format of: [email protected]. These can also be separated by semicolons for multiple numbers. For more information about using SMS email addresses, please contact your carrier’s support group. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
104
Version 1.7.1
3. Click Admin -‐> Notification Setting. 4. Input email address and click Apply. The following table lists the fields that need to be populated. Admin →Notification Settings AP Events
Notification Name Account Email Send to Account SMS Email Address Contact Email (checkbox) AP Lost Connection AP Radio Status Down AP Temperature CPU Temperature CPU Usage Memory Usage User Events Notification Name Email Send to Account Contact Email SMS Email Address (checkbox) Account Status Change Address Change Ap License Transfer Order Status Change Payment Status Change Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
105
Version 1.7.1
10.0 Tools Menu 10.1 BSS (Business Services System) Relay2 Cloud Service Manager integrates a business services system into its solution. If a Service Provider purchases licenses or APs to be transferred to an end-‐customer account (instead of coming from the service provider’s existing inventory), a notification will be generated and is viewable by the end-‐customer with the BSS tool. 10.1.1 Notification To display notifications, click Tools -‐> BSS -‐> Notification, to display notifications. The following data displays. Tools → BSS → Notification Time Name Cause Extended Data User name Type Data can be viewed from the last 2, 6, 12, 24 hours or a custom timeframe can be set by clicking Custom Time in the TimeFrame field on the top left of the screen to view data for a selected time period. 10.1.2 Address To display addresses, click Tools -‐> BSS -‐> Address. The following data is displayed. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
106
Version 1.7.1
Tools → BSS → Address Address Name First Name Last Name Company Name Address Line 1 Address Line 2 (Optional) City State/Province Zip Code/Postal Code Country Phone Number Click on an Address Name to view address details. Any updates that need to be made can be made. Click on Confirm to save the changes. Click on the Add button to add a new address. The Fields in the previous table will display that would nee to be populated. Populate the fields and Click Confirm to add a new name and address. Click on the Delete button to delete the selected address. Click Confirm to confirm deletion. Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
107
11.0 Abbreviations AAA Authentication, Authorization and Accounting AP Access Point CWM Cloud-‐based Wireless Management System DC Data Center (Relay2’s data center which hosts the CWM) RF Radio Frequency SMB Small & Medium Business SP =Service Provider UAM User Access Management VLAN Virtual Local Area Network WLAN Wireless Local Area Network Copyright © 2016 Relay2 Incorporated. All Rights Reserved.
108
Version 1.7.1

Configuration Guide for MVAP Customers

Transcription

Similar documents

Car-Net via WLAN Internet connection via WLAN to

FTTH Guide

WT-100 Quick Guide - Position Partners

Company Fact Sheet 2016

Forming underneath the base of a cumulonimbus cloud, mammatus

WLAN einrichten Installer WLAN Installare WLAN Install WLAN

Baby Monitor and Video Monitoring

Giuseppe Razzano , Neeli R. Prasad , Roberto De Paolis